Zyxel security advisory for multiple vulnerabilities in firewalls
CVEs:CVE-2024-6343, CVE-2024-7203, CVE-2024-42057, CVE-2024-42058, CVE-2024-42059, CVE-2024-42060, CVE-2024-42061
Summary
Zyxel has released patches addressing multiple vulnerabilities in some firewall versions.Users are advised to install the patches for optimal protection.
What are the vulnerabilities?
CVE-2024-6343
A buffer overflow vulnerability in the CGI program of some firewall versions could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
CVE-2024-7203
A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.
CVE-2024-42057
A command injection vulnerability in the IPSec VPN feature of some firewall versions could allow an unauthenticated attacker to execute some OS commands on an affected device by sending a crafted username to the vulnerable device. Note that this attack could be successful only if the device was configured in User-Based-PSK authentication mode and a valid user with a long username exceeding 28 characters exists.
CVE-2024-42058
A null pointer dereference vulnerability in some firewall versions could allow an unauthenticated attacker to cause DoS conditions by sending crafted packets to a vulnerable device.
CVE-2024-42059
A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.
CVE-2024-42060
A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.
CVE-2024-42061
A reflected cross-site scripting(XSS) vulnerability in the CGI program “dynamic_script.cgi” of some firewall versions could allow an attacker to trick a user into visiting a crafted URL with the XSS payload. The attacker could obtain browser-based information if the malicious script is executed on the victim’s browser.
What versions are vulnerable—and what should you do?
After a thorough investigation, we have identified the vulnerable products that are within their vulnerability support period and released updates to address the vulnerabilities, as shown in the table below.
Affected version | ||||||||
---|---|---|---|---|---|---|---|---|
Firewall series | CVE-2024-6343 | CVE-2024-7203 | CVE-2024-42057 | CVE-2024-42058 | CVE-2024-42059 | CVE-2024-42060 | CVE-2024-42061 | Patch availability |
ATP | ZLD V4.32 to V5.38 | ZLD V4.60 to V5.38 | ZLD V4.32 to V5.38 | ZLD V4.32 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.32 to V5.38 | ZLD V4.32 to V5.38 | ZLD V5.39 |
USG FLEX | ZLD V4.50 to V5.38 | ZLD V4.60 to V5.38 | ZLD V4.50 to V5.38 | ZLD V4.50 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.50 to V5.38 | ZLD V4.50 to V5.38 | ZLD V5.39 |
USG FLEX 50(W)/ USG20(W)-VPN | ZLD V4.16 to V5.38 | Not affected | ZLD V4.16 to V5.38 | ZLD V4.20 to V5.38 | ZLD V5.00 to V5.38 | ZLD V4.16 to V5.38 | ZLD V4.16 to V5.38 | ZLD V5.39 |
Got a question?
Please contact your local service rep or visit Zyxel’s Community for further information or assistance.
Acknowledgment
Thanks to the following security researchers and consultancies:
- Nanyu Zhong and Jinwei Dong from VARAS@IIE for CVE-2024-6343
- Alessandro Sgreccia and Manuel Roccon from HackerHood for CVE-2024-7203
- nella17 from DEVCORE for CVE-2024-42057, CVE-2024-42058, CVE-2024-42059, CVE-2024-42060, and CVE-2024-42061
Revision history
2024-9-3: Initial release
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 150 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 264 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 41 Wireless Ideas
- 6.4K Consumer Product
- 250 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 74 Security Highlight