USG Series new firmware 4.62 Whats New?

Options
Wolfgang
Wolfgang Posts: 39  Freshman Member
First Anniversary 10 Comments
edited April 2021 in Security
Hallo,
is there a reason why this new Firmware is not yet announced in this Forum?
What is new that the Firmware Version was incremented from 4.60 to 4.62?
Thx

Comments

  • chandan
    chandan Posts: 72  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options
    Modifications in V4.62(AAPH.0)C0 - 2021/01/19
    [Standalone mode]
    1. [Vulnerability Fix] Potential Remote Code Execution vulnerability.
    2. [Vulnerability Fix] Buffer Overflow vulnerability
  • USG_User
    USG_User Posts: 369  Master Member
    First Anniversary 10 Comments Friend Collector First Answer
    Options
    There are a lot of firmware updates recently which concern us a little bit, especially because of those vulnerabiliy fixes. Zyxel should improve its quality management. We cannot reboot our production firewall so often.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,068  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Wolfgang
    It will be in the announcement soon, thanks for your reminding.

    Hi @USG_User
    Apologies for the inconvenience, we are doing our best in patching the critical vulnerabilities. This is in the best interest of everyone, especially the users,  to secure from potential threats and reduce the chances of exploiting by hackers. 


  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    I've tried to update USG60W from V4.60(AAKZ.1) to 4.62.(AAKZ0) and it looks like since 4.60 there is a Zyxel recurring issue during Fiormware update existing.  :s

    Backup startup-config before starting the firmware upgrade and get a know error message as below:

    Converting stage1 for startup-config.conf is done.
    ......% (after 'encrypted-password'): Parse error
    ERROR: config-backup setting  mail-attach encrypted-password jiZhePgAa1....(shorted password).
    Failed to apply startup configuration file and failover to previous firmware ...

    Rollback
    Applying system configuration file, please wait...
    ....% (after 'encrypted-password'): Parse error
    ERROR: config-backup setting   mail-attach
    encrypted-password jiZhePgAa1....(shorted password)
    Failed to apply startup-config.conf. Try to apply periodical-backup.conf or lastgood.conf or system-default.conf
    Save current startup-config.conf to start-config-bad.conf

    ZyWALL system is configured successfully with lastgood.conf
    Previous firmware upgrade failed - ERROR: config-backup setting  mail-attach

    encrypted-password jiZhePgAa1....(shorted password).

    The last backup (30 minutes old - before upgrade to new FW) also avoided by USG  :'(

    I can understand that you provide security updates for the appliance for installation. But why is there now again since v4.60 for me not understandable error message and rolling them backward in the firmware update process ?


    And during these difficult times for all of us, i would like to see better QM before a release is published.

    Thanks for understanding
    Chris


  • ChrisGer
    ChrisGer Posts: 205  Ally Member
    First Anniversary Friend Collector First Answer First Comment
    Options
    Update @Zyxel_Jeff
    after i already had such problems with the update from 4.60.0 to 4.60.1, i have looked again at the case be zyxel EMEA. I wrote them the solution to fix my issue  ;) Also in the update from 4.60.0 to 4.60.1 it was a "do it your self", which then lifted my USG60 to the new version.

    Solution (please do not use it in production and high avalibility areas)!
    - Reset the ZyWALL to factory default
    - Update the USG to the new Firmware
    - Upload and import the config backup into your USG

    I don't know why this is also showing an error but the arround 200 rules in my USG are working (layer3 based). the ISP Firewall is Layer7 and save my devices in a higher level and in the last 2 years without any update issue ;)

    Regards
    Chris
  • dkyeager
    dkyeager Posts: 69  Ally Member
    First Anniversary 10 Comments Friend Collector
    Options
    More details would be nice, but here is what the update process says:

    1. Remote Code Execution vulnerability fix.Vulnerability Description:These are affected by a CGI vulnerability by the improper input sanitization of HTTP requests.It could allow Hackers to perform remote code execution via OS command injection.Affected Version:ZLD V4.35 and above

    2. Buffer Overflow vulnerability fix.Vulnerability Description:The buffer overflow vulnerability causes a program to overwrite a memory block, so the system might be unstable or terminate abnormally.Affected Version:ZLD V4.30 and above Recommended Action:Users are advised to upgrade to the latest firmware (ZLD4.62) or hotfix immediately for optimal protection.Thank you for choosing ZyWALL ATP and USG FLEX series. Zyxel is committed to continuously updating your devices for the most advanced features.
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,068  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @ChrisGer

    Thanks for your feedback.

    Could you provide your startup-config.conf and diagnostic log of USG60W to me via private message?

    Let us do more investigation :) .


Security Highlight