Zyxel USG FLEX 4.16 < 5.39 Multiple Vulnerabilities

high Nessus Plugin ID 206737

Synopsis

The remote security gateway is affected by multiple vulnerabilities.

Description

The firmware version of the Zyxel USG FLEX device is affected by multiple vulnerabilities:

- A command injection vulnerability in the IPSec VPN feature of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists. (CVE-2024-42057)

- A buffer overflow vulnerability in the CGI program of Zyxel ATP series firmware versions from V4.32 through V5.38, USG FLEX series firmware versions from V4.50 through V5.38, USG FLEX 50(W) series firmware versions from V4.16 through V5.38, and USG20(W)-VPN series firmware versions from V4.16 through V5.38 could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device. (CVE-2024-6343)

- A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device. (CVE-2024-42060)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade Zyxel USG FLEX to version 5.39 or later.

See Also

http://www.nessus.org/u?090fed1a

Plugin Details

Severity: High

ID: 206737

File Name: zyxel_usg_atp_20240903_5.nasl

Version: 1.2

Type: combined

Family: Firewalls

Published: 9/6/2024

Updated: 9/9/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2024-42060

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2024-42057

Vulnerability Information

CPE: cpe:/h:zyxel:usg_flex

Required KB Items: installed_sw/Zyxel Unified Security Gateway (USG)

Exploit Ease: No known exploits are available

Patch Publication Date: 9/3/2024

Vulnerability Publication Date: 9/3/2024

Reference Information

CVE: CVE-2024-42057, CVE-2024-42060, CVE-2024-42061, CVE-2024-6343

IAVA: 2024-A-0534