CISA has added two Zyxel firewall flaws, CVE-2023-33009 and CVE-2023-33010, to its Known Exploited Vulnerabilities (KEV) catalog. The new CVEs could lead to a denial-of-service (DoS) condition and remote code execution.
The flaws are buffer overflow vulnerabilities and were rated 9.8 out of 10 on the CVSS scoring system. Zyxel released patches on May 24th, 2023, and urged its clients to apply them as soon as possible.
The Following Devices Need Patching
Since patches for the firewalls impacted by the new buffer overflow vulnerabilities are available, users are advised to install them immediately. According to the researchers, the vulnerable firewall series are:
- ATP (versions ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- VPN (versions ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
- ZyWALL/USG (versions ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)
More About the New Zyxel Vulnerabilities
According to Zyxel, if exploited, both flaws can result in denial-of-service (DoS) and remote code execution (RCE) attacks.
- CVE-2023-33009 is a buffer overflow vulnerability residing in the notification function of some firewall versions. It could enable an unauthenticated malicious actor to cause DoS conditions and RCE.
- CVE-2023-33010 is a buffer overflow vulnerability found in the ID processing function in some firewall versions. It can also permit an unauthenticated threat actor to create DoS conditions and RCE on a victim endpoint.
Prevention Measures Against Zyxel Firewall Vulnerabilities
The news came only days after another vulnerability, tracked as CVE-2023-28771 and rated 9.8 on the CVSS scoring system, was found on Zyxel devices. On that occasion, threat actors actively exploited CVE-2023-28771 to enlist victim machines into a Mirai botnet.
Consequently, Federal Civilian Executive Branch (FCEB) agencies should remediate the flaws by June 26, 2023.
Zyxel also issued an alert last week, warning customers to disable unnecessary HTTP/HTTPS services from WAN and disable UDP ports 500 and 4500 if the use of IPSec VPN is not required.
In addition, security specialists recommend immediate patching of the Zyxel firewall vulnerabilities, in order to protect networks.