Zyxel recently discovered two critical vulnerabilities in some of its networking gear and has urged users to apply the patch immediately.
Both vulnerabilities are buffer overflows, allowing for denial-of-service (DoS) attacks, as well as remote code execution (RCE), and both were found in some of Zyxel’s firewall and VPN products, and carry a severity score of 9.8 (critical). They are now being tracked as CVE-2023-33009, and CVE-2023-33010.
„Зикел је објавио закрпе за заштитне зидове на које утичу вишеструке рањивости прекорачења бафера“, наводи се у безбедносном савету компаније. „Корисницима се саветује да иһ инсталирају ради оптималне заштите.“
Погођени су бројни уређаји
To check whether or not your endpoints are vulnerable, inspect if they’re powered by this firmware:
Zyxel ATP firmware versions ZLD V4.32 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel USG FLEX firmware versions ZLD V4.50 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel USG FLEX50(W) / USG20(W)-VPN firmware versions ZLD V4.25 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel VPN firmware versions ZLD V4.30 to V5.36 Patch 1 (fixed in ZLD V5.36 Patch 2)
Zyxel ZyWALL/USG firmware versions ZLD V4.25 to V4.73 Patch 1 (fixed in ZLD V4.73 Patch 2)
While vendors are usually quick to issue patches for high-severity flaws, organizations aren’t that diligent with applying them, risking data breaches, and in some cases even ransomware.
SMBs could be particularly at risk as these are the typical target markets for the affected products, used to protect their networks and allow secure access for remote workers and home-office employees.
How that Zyxel released the patch, threat actors will monitor the open internet for vulnerable versions of the endpoints and will look for an opening to exploit.
преко БлеепингЦомпутер