U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Zyxel fixed four bugs in firewalls and access points

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw. Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397, CVE-2023-6398, CVE-2023-6399, and CVE-2023-6764, in its firewalls and access points. The flaws can be exploited by threat actors to carry out command injection and denial-of-service attacks and to […]

zyxel Mirai

Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw.

Taiwanese networking vendor Zyxel addressed four vulnerabilities, respectively tracked as CVE-2023-6397CVE-2023-6398CVE-2023-6399, and CVE-2023-6764, in its firewalls and access points.

The flaws can be exploited by threat actors to carry out command injection and denial-of-service attacks and to achieve remote code execution.

Below is the list of the flaws addressed by the company:

  • CVE-2023-6397 – A null pointer dereference vulnerability in some firewall versions could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
  • CVE-2023-6398 – A post-authentication command injection vulnerability in the file upload binary in some firewall and AP versions could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP.
  • CVE-2023-6399 – A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.
  • CVE-2023-6764 – A format string vulnerability in a function of the IPSec VPN feature in some firewall versions could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.

Below are the lists of impacted devices:

Firewall seriesAffected versionPatch availability
CVE-2023-6397CVE-2023-6398CVE-2023-6399CVE-2023-6764
ATPZLD V4.32 to V5.37 Patch 1ZLD V4.32 to V5.37 Patch 1ZLD V5.10 to V5.37 Patch 1ZLD V4.32 to V5.37 Patch 1ZLD V5.37 Patch 2
USG FLEXZLD V4.50 to V5.37 Patch 1ZLD V4.50 to V5.37 Patch 1ZLD V5.10 to V5.37 Patch 1ZLD V4.50 to V5.37 Patch 1ZLD V5.37 Patch 2
USG FLEX 50(W)/USG20(W)-VPNNot affectedZLD V4.16 to V5.37 Patch 1ZLD V5.10 to V5.37 Patch 1ZLD V4.16 to V5.37 Patch 1ZLD V5.37 Patch 2
USG FLEX HNot affecteduOS V1.10 to V1.10 Patch 1uOS V1.10 to V1.10 Patch 1Not affectedHotfix is available*
Standard patch uOS V1.20 in April 2024

Table 2. APs affected by CVE-2023-6398

AP modelAffected versionPatch availability
NWA50AX6.29(ABYW.3) and earlier6.29(ABYW.4)
NWA55AXE6.29(ABZL.3) and earlier6.29(ABZL.4)
NWA90AX6.29(ACCV.3) and earlier6.29(ACCV.4)
NWA110AX6.65(ABTG.1) and earlier6.70(ABTG.2)
NWA210AX6.65(ABTD.1) and earlier6.70(ABTD.2)
NWA220AX-6E6.65(ACCO.1) and earlier6.70(ACCO.1)
NWA1123ACv36.65(ABVT.1) and earlier6.70(ABVT.1)
WAC5006.65(ABVS.1) and earlier6.70(ABVS.1)
WAC500H6.65(ABWA.1) and earlier6.70(ABWA.1)
WAX300H6.60(ACHF.1) and earlier6.70(ACHF.1)
WAX510D6.65(ABTF.1) and earlier6.70(ABTF.2)
WAX610D6.65(ABTE.1) and earlier6.70(ABTE.2)
WAX620D-6E6.65(ACCN.1) and earlier6.70(ACCN.1)
WAX630S6.65(ABZD.1) and earlier6.70(ABZD.2)
WAX640S-6E6.65(ACCM.1) and earlier6.70(ACCM.1)
WAX650S6.65(ABRM.1) and earlier6.70(ABRM.2)
WAX655E6.65(ACDO.1) and earlier6.70(ACDO.1)
WBE660S6.65(ACGG.1) and earlier6.70(ACGG.2)
NWA50AX-PRO6.65(ACGE.1) and earlierHotfix is available upon request*
Standard patch 6.80(ACGE.0) in July 2024
NWA90AX-PRO6.65(ACGF.1) and earlierHotfix is available upon request*
Standard patch 6.80(ACGF.0) in July 2024

The Taiwanese vendor acknowledged Lays and atdog from TRAPA Security for reporting these flaws.

Customers are recommended to install the security patches as soon as possible.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, cyberattack)