2023/05/23 Urgent Patch Firmware Released to address Buffer Overflow Issues

Mario (Ally Member)

I have just received a notification that a zero-day buffer overflow is being widely exploited against Zyxel firewalls.
Please immediately publish the information known so far to mitigate the threat.
Which service is affected?
Are there IOCs for these attacks?

Thanks

Mario

All Replies

  • Mario (Ally Member)

    By the way: The fixed firmware can be found at the following link:

    https://onedrive.live.com/?authkey=%21ABWbXyqWe9ilNPE&id=A33C4D75C38DDF7D%2129181&cid=A33C4D75C38DDF7D

  • Zyxel_Stanley (Zyxel Employee)

    The issue has been fixed by firmware. You can download the firmware from this thread.

  • Mario (Ally Member)

    @Zyxel_Stanley

    Thanks for your feedback.
    Since Zyxel was able to create a fix for the problem, it must be obvious where the problem is?
    Over which port / service is the attack taking place?

  • ticsystems (ZCNE Certified)

    ATP100 not working. File damaged.

  • Mario (Ally Member)

    Additional information can be found at Zyxel EMEA:

    https://support.zyxel.eu/hc/en-us/articles/11616709217810

  • MarkoD (Freshman Member)

    Today a USG40W (with SSL VPN enabled) started freezing up and needed to be restarted manually every 4-5 hours. The unit has had an uptime of over a year without any problems up until today, so I guess this is not a coincidence?

  • morezh (Freshman Member)

    With an uptime of more than a year, the firewall will still have an old, affected firmware on it. Perform a firmware update.

  • Zyxel_James (Zyxel Employee)

    @ticsystems @MarkoD

    USG40W and ATP100 are also affected. I suggest you upgrade to the latest release. You may reboot the device if it becomes unresponsive. Download link

    @Mario

    Based on our investigation so far, VPN service is the target. The attack is on service port 500.

  • ticsystems (ZCNE Certified)

    I know we are affected. But the firmware for the ATP100 does not work.

    When I reboot after 20 minutes, it still has the corrupted firmware.

  • Zyxel_James (Zyxel Employee)

    If you cannot upgrade the firmware successfully, please:

    STEP 1. Download and back up the current running startup-config.conf file from MAINTENANCE > File Manager > Configuration File.
    STEP 2. Reboot to the standby partition.
    STEP 3. Apply the current running startup-config.conf file.
    STEP 4. Update to our latest firmware V5.36P2.
    I suggest you do it near the device.
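The two defender-side checks this thread points at are a fleet-wide firmware gap against the V5.36P2 release named above, and a look at which sources are talking IKE to the firewall on UDP/500, the service port Zyxel_James identifies. The script below is an added example, not code from Zyxel or anyone in the thread; it assumes a version string of the form `V<major>.<minor>[(<build>)]P<patch>` and a constructed key=value log format, neither of which is Zyxel's documented output.

```python
import re
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Fixed release named in the thread; version-string layout is an assumption.
FIXED_VERSION = "V5.36P2"
_VER_RE = re.compile(r"^V(\d+)\.(\d+)(?:\([^)]*\))?(?:P(\d+))?$")

# Constructed inventory (model, running firmware); "ABCD.2" is a placeholder build tag.
INVENTORY = [("USG40W", "V5.36(ABCD.2)P1"), ("ATP100", "V5.36P2"), ("USG60", "V4.73P1")]

# Constructed log lines, not real Zyxel syslog output.
SAMPLE_LOGS = [
    "2023-05-23T10:01:02 src=203.0.113.7 dst=198.51.100.1 dport=500 proto=udp",
    "2023-05-23T10:01:03 src=203.0.113.7 dst=198.51.100.1 dport=500 proto=udp",
    "2023-05-23T10:01:05 src=192.0.2.10 dst=198.51.100.1 dport=500 proto=udp",
    "2023-05-23T10:01:09 src=203.0.113.9 dst=198.51.100.1 dport=443 proto=tcp",
]
KNOWN_PEERS = {"192.0.2.10"}   # constructed allow-list of legitimate VPN peers
IKE_PORTS = {"500", "4500"}    # 500 is named in the thread; 4500 is IKE NAT-T

def parse_version(s: str) -> Optional[Tuple[int, int, int]]:
    """'V5.36P2' or 'V5.36(ABCD.2)P1' -> (major, minor, patch); None if unrecognised."""
    m = _VER_RE.match(s.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def needs_update(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the device runs something older than the fixed release (or unparseable)."""
    v = parse_version(version)
    return v is None or v < parse_version(fixed)

def outdated_devices(inventory: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (model, version) pairs still needing the V5.36P2 upgrade."""
    return [(model, ver) for model, ver in inventory if needs_update(ver)]

def unexpected_ike_sources(lines: Iterable[str], known: set) -> Dict[str, int]:
    """Count IKE (UDP/500, UDP/4500) attempts per source not in the peer allow-list."""
    counts: Counter = Counter()
    for line in lines:
        fields = dict(kv.split("=", 1) for kv in line.split()[1:])
        if fields.get("proto") == "udp" and fields.get("dport") in IKE_PORTS:
            if fields.get("src") not in known:
                counts[fields["src"]] += 1
    return dict(counts)

if __name__ == "__main__":
    print("needs upgrade:", outdated_devices(INVENTORY))
    print("unexpected IKE sources:", unexpected_ike_sources(SAMPLE_LOGS, KNOWN_PEERS))
```

Unlisted sources hitting UDP/500 are not proof of exploitation, only the traffic worth correlating with the freezes and reboots reported in this thread.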
