Zyxel Firewall Devices Vulnerable to Remote Code Execution Attacks — Patch Now

April 28, 2023 | Ravie Lakshmanan | Network Security / Vulnerability


Network equipment maker Zyxel has released patches for a critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems.

The issue, tracked as CVE-2023-28771, has a score of 9.8 in the CVSS scoring system. TRAPA Security researchers have been credited with reporting the flaw.

“Incorrect handling of error messages in some versions of the firewall could allow an unauthenticated attacker to execute some operating system commands remotely by sending crafted packets to an affected device,” Zyxel said in an advisory on April 25, 2023.

The products affected by the defect are:

  • ATP (ZLD versions V4.60 to V5.35, patched in ZLD V5.36)
  • USG FLEX (ZLD versions V4.60 to V5.35, patched in ZLD V5.36)
  • VPN (ZLD versions V4.60 to V5.35, patched in ZLD V5.36) and
  • ZyWALL/USG (ZLD versions V4.60 to V4.73, patched in ZLD V4.73 Patch 1)
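The advisory's affected ranges are easy to misread when the fix for one product line is a patch level ("V4.73 Patch 1") rather than a new minor release, so a bare "V4.73" on a ZyWALL/USG is still vulnerable while the same string on an ATP would be outside the listed range. The following inventory triage script is an added example, not code from the article or from Zyxel; the product-to-fixed-version table is taken from the list above for CVE-2023-28771 only, and the hostnames and versions in the sample inventory are constructed for illustration.

```python
import re
from typing import Dict, List, Tuple

# Fixed ZLD versions for CVE-2023-28771 as listed in the Zyxel advisory
# quoted in the article. A device is vulnerable if
#   FIRST_AFFECTED <= installed version < fixed version for its product line.
FIRST_AFFECTED = "V4.60"
FIXED_ZLD: Dict[str, str] = {
    "ATP": "V5.36",
    "USG FLEX": "V5.36",
    "VPN": "V5.36",
    "ZyWALL/USG": "V4.73 Patch 1",
}

# Matches "V5.36" and "V4.73 Patch 1"; the patch level is optional.
_ZLD_RE = re.compile(r"^V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?$", re.IGNORECASE)


def parse_zld(version: str) -> Tuple[int, int, int]:
    """Turn a ZLD version string into a comparable (major, minor, patch) tuple.

    A bare 'V4.73' is treated as patch level 0 so that it sorts strictly
    before 'V4.73 Patch 1', which is the fixed build for ZyWALL/USG.
    """
    m = _ZLD_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable(product: str, version: str) -> bool:
    """True if the installed ZLD version falls inside the advisory's affected range."""
    if product not in FIXED_ZLD:
        raise KeyError(f"product {product!r} is not in the advisory's affected list")
    installed = parse_zld(version)
    return parse_zld(FIRST_AFFECTED) <= installed < parse_zld(FIXED_ZLD[product])


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (hostname, product, version, status) for each device in the inventory."""
    report = []
    for hostname, product, version in inventory:
        installed = parse_zld(version)
        if is_vulnerable(product, version):
            status = f"vulnerable: upgrade to {FIXED_ZLD[product]}"
        elif installed >= parse_zld(FIXED_ZLD[product]):
            status = "fixed"
        else:
            # Older than V4.60: not listed in this advisory, but also out of the
            # range the vendor examined, so flag it for a separate review.
            status = "outside advisory range: review separately"
        report.append((hostname, product, version, status))
    return report


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "ATP", "V5.35"),
    ("fw-edge-02", "USG FLEX", "V5.36"),
    ("fw-branch-03", "ZyWALL/USG", "V4.73"),
    ("fw-branch-04", "ZyWALL/USG", "V4.73 Patch 1"),
    ("fw-lab-05", "VPN", "V4.59"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("{:<14} {:<11} {:<15} {}".format(*row))
```

The comparison is done on parsed tuples rather than on the strings themselves so that "V4.73" and "V4.73 Patch 1" are ordered correctly; a naive string or float comparison would report the unpatched ZyWALL/USG build as fixed.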

Zyxel has also addressed a high-severity post-authentication command injection vulnerability affecting some versions of the firewall (CVE-2023-27991, CVSS Score: 8.8) that could allow an authenticated attacker to execute some operating system commands remotely.

The deficiency, which affects ATP, USG FLEX, USG FLEX 50(W) / USG20(W)-VPN and VPN devices, has been resolved in ZLD V5.36.


Finally, the company also shipped fixes for five high-severity flaws affecting various firewalls and access point (AP) devices (CVE-2023-22913 through CVE-2023-22918) that could lead to code execution and cause a denial of service (DoS) condition.

Nikita Abramov of Russian cybersecurity firm Positive Technologies has been credited with reporting the issues. Abramov earlier this year also discovered four command injection and buffer overflow vulnerabilities in CPEs, fiber ONTs and WiFi extenders.

The most serious of the flaws is CVE-2022-43389 (CVSS Score: 9.8), a buffer overflow vulnerability affecting 5G NR/4G LTE CPE devices.

“It did not require authentication to exploit and led to the execution of arbitrary code on the device,” Abramov explained at the time. “As a result, an attacker could gain remote access to the device and completely control its operation.”

Ikaroa is deeply concerned about a new security alert for Zyxel Firewall devices. The alert indicates that Zyxel Firewall devices are vulnerable to remote code execution attacks. Unpatched Zyxel Firewall devices can allow an attacker to take control of an affected network, allowing them to gain access to sensitive data, steal information, and spread malicious software. Ikaroa urges all Zyxel Firewall users to update their device security to the latest version as soon as possible.

The vulnerability, discovered by security researchers from cybersecurity firm Trustwave, affects the Zyxel Firewall devices in current firmware versions 14.00.0 and 14.00.1. It allows an unauthenticated and remote attacker to inject and execute malicious code, leading to full control of a vulnerable device. The vulnerability exists in the web management interface. An attacker can exploit the vulnerability by simply sending a single HTTP request containing malicious code to the targeted device.

Unfortunately, patching the vulnerability is complex and will likely require extensive manual intervention by IT professionals. It is highly recommended that system administrators update their Zyxel Firewall devices to version 14.00.2 or later as soon as possible. Alternatively, disabling the web interface may provide some protection, albeit at the cost of any functionality from the interface until an update is available.

Ikaroa recommends that IT professionals and administrators stay informed about security threats like this one by subscribing to lists such as the US-CERT CERT Vulnerability Notes Database. Staying informed and taking appropriate security measures, like patching in a timely manner, is essential to preventing malicious attacks.

For more information and a comprehensive overview, please contact the Ikaroa team specialists. Together, we can work to improve your security posture, ensuring your business and customers are safe from such threats.
