Zyxel USG < 5.37 Command Injection (CVE-2023-28767)

high Nessus Plugin ID 178464

Synopsis

The remote security gateway is affected by a command injection vulnerability.

Description

Firmware version of the Zyxel USG, ATP, or VPN is less than 5.37 and is affected by a vulnerability. The configuration parser fails to sanitize user-controlled input. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Zyxel USG / ATP / VPN to 5.37 or later.

See Also

http://www.nessus.org/u?315d4ab6

Plugin Details

Severity: High

ID: 178464

File Name: zyxel_usg_cve-2023-28767.nasl

Version: 1.3

Type: combined

Family: Firewalls

Published: 7/19/2023

Updated: 12/1/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-28767

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: x-cpe:/h:zyxel:usg, x-cpe:/o:zyxel:usg, cpe:/h:zyxel:usg_flex

Required KB Items: installed_sw/Zyxel Unified Security Gateway (USG)

Exploit Ease: No known exploits are available

Patch Publication Date: 7/18/2023

Vulnerability Publication Date: 7/18/2023

Reference Information

CVE: CVE-2023-28767

IAVA: 2023-A-0372-S