CVE-2023-28771 Report - Details, Severity, & Advisories

Twingate Team

May 9, 2024

CVE-2023-28771 is a critical vulnerability affecting a range of Zyxel devices, including their ATP, USG FLEX, VPN, and ZyWALL/USG series. This vulnerability, caused by improper error message handling, allows an unauthenticated attacker to execute some operating system commands remotely by sending crafted packets to an affected device. The severity of this vulnerability is rated as 9.8 out of 10, making it crucial for users to update their systems to patched firmware versions to protect against potential attacks.

How do I know if I'm affected?

If you're using a Zyxel device from the ATP, USG FLEX, VPN, or ZyWALL/USG series, you might be affected by the CVE-2023-28771 vulnerability. Specifically, devices with firmware versions 4.60 through 4.73 for ZyWALL/USG, 4.60 through 5.35 for VPN and USG FLEX, and 4.60 through 5.35 for ATP are at risk. To determine if you're affected, check your device's firmware version and compare it to the mentioned vulnerable versions.

What should I do if I'm affected?

If you're affected by the CVE-2023-28771 vulnerability, it's crucial to take action. First, check if your Zyxel device has a firmware update available and install it. For ATP, USG FLEX, and VPN series, update to ZLD V5.36, and for ZyWALL/USG series, update to ZLD V4.73 Patch 1. If you need assistance, contact your local service representative or visit Zyxel's Community.
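The version comparison described above can be scripted across a device inventory. The following is an added example, not code from Zyxel or from the original page. It assumes firmware strings look like the releases named here ("ZLD V5.36", "ZLD V4.73 Patch 1"), and the inventory entries are constructed sample data.

```python
import re

# Affected ranges and fixed releases as stated on this page.
# Versions are (major, minor, patch) tuples; a release without "Patch N" is patch 0.
# Each entry: (first affected, first fixed, fixed release name).
ADVISORY = {
    "ATP":        ((4, 60, 0), (5, 36, 0), "ZLD V5.36"),
    "USG FLEX":   ((4, 60, 0), (5, 36, 0), "ZLD V5.36"),
    "VPN":        ((4, 60, 0), (5, 36, 0), "ZLD V5.36"),
    "ZYWALL/USG": ((4, 60, 0), (4, 73, 1), "ZLD V4.73 Patch 1"),
}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\s*patch\s*(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Extract (major, minor, patch) from a string such as 'ZLD V4.73 Patch 1'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError("no firmware version found in %r" % text)
    return (int(match.group(1)), int(match.group(2)), int(match.group(3) or 0))


def assess(series, firmware):
    """Classify one device against the ranges listed on this page."""
    key = series.strip().upper()
    if key not in ADVISORY:
        return "unknown-series"
    first_affected, first_fixed, target = ADVISORY[key]
    version = parse_version(firmware)
    # Assumption: any build at or above 4.60 and below the fixed release is
    # treated as affected, including interim patch builds.
    if first_affected <= version < first_fixed:
        return "affected: update to " + target
    return "outside-affected-range"


# Constructed sample inventory: (hostname, series, firmware string).
INVENTORY = [
    ("fw-branch-01", "USG FLEX", "V5.35"),
    ("fw-branch-02", "ZyWALL/USG", "ZLD V4.73"),
    ("fw-branch-03", "ZyWALL/USG", "ZLD V4.73 Patch 1"),
    ("fw-hq-01", "ATP", "ZLD V5.36"),
]


def report(inventory):
    """Return (hostname, verdict) pairs for every inventory entry."""
    return [(host, assess(series, fw)) for host, series, fw in inventory]


if __name__ == "__main__":
    for host, verdict in report(INVENTORY):
        print(host, verdict)
```

A ZyWALL/USG device on plain 4.73 is still reported as affected, because the fix for that series is 4.73 Patch 1 rather than a new version number.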

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-28771 vulnerability is indeed listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as Zyxel Multiple Firewalls OS Command Injection Vulnerability, was added to the catalog on May 31, 2023, with a due date of June 21, 2023. The required action is to apply updates according to the vendor's instructions.

Weakness enumeration

This vulnerability is categorized as CWE-78, which involves improper neutralization of special elements in OS commands, allowing unauthenticated attackers to remotely execute commands on affected Zyxel devices. Patches are available to fix this issue.

For more details

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD or the resources listed below.
