If you haven't done so already, please run these two tools and then attach the logs in your next reply:

NOTE: The tools and the information obtained are safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

Download FRST and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.
Double-click to run FRST and when the tool opens click "Yes" to the disclaimer.
This will produce two files in the same location (directory) as FRST: FRST.txt and Addition.txt
Leave the log files in the current location, they will be automatically collected by mb-check once you complete the next set of instructions.

Download MB-Check and save to your desktop.
Double-click to run MB-Check and within a few seconds the command window will open, press "Enter" to accept the EULA then click "OK".
This will produce one log file on your desktop: mb-check-results.zip
This file will include the FRST logs generated from the previous set of instructions.
Attach this file to your forum post by clicking on the "Drag files here to attach, or choose files." or simply drag the file to the attachment area.

One of our experts will be able to assist you shortly.

Zyxel has released a security advisory for multiple buffer overflow vulnerabilities. Exploitation of these vulnerabilities could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on the affected Zyxel firewalls.

Affected users should patch as a matter of urgency, and we urge you not to expose the management interfaces of network edge devices to the Internet, in order to reduce their attack surface.

The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs patched in these updates are:

CVE-2023-33009: A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1.

CVE-2023-33010: Another buffer overflow vulnerability in the ID processing function in the same Zyxel firmware versions.

Both vulnerabilities received a CVSS score of 9.8 out of 10.

A buffer overflow is a type of software vulnerability that exists when an area of memory within a software application reaches its address boundary and writes into an adjacent memory region.

In case that isn't enough reason for you to act urgently, it is worth remembering that it only took four days for the first active exploitation to take place after Zyxel patched CVE-2022-30525 last year.

The security advisory lists the vulnerable firewall series that are within their vulnerability support period:

ATP versions ZLD V4.32 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.
USG FLEX versions ZLD V4.50 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.
USG FLEX50(W) / USG20(W)-VPN versions ZLD V4.25 to V5.36 Patch 1 are covered by ZLD V5.36 Patch 2.