SECURITY ALERTS

Multiple Vulnerabilities (CVE-2023-27991 and CVE-2023-28771) Exist in Zyxel Firewall Allowing for Arbitrary Code Execution

DESCRIPTION:
The researcher found that 2 high-risk vulnerabilities exist in Zyxel Firewall.
CVE-2023-27991: The post-authentication command injection vulnerability in the CLI command of some firewall versions could allow an authenticated attacker to execute some OS commands remotely.
CVE-2023-28771: Improper error message handling in some firewall versions could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

 

AFFECTED RELEASES:
(1) CVE-2023-27991:
ATP version ZLD V4.32 to V5.35
USG-FLEX version ZLD V4.50 to V5.35
USG FLEX 50(W)/USG20(W)-VPN version ZLD V4.16 to V5.35
VPN version ZLD V4.30 to V5.35
(2) CVE-2023-28771:
ATP version ZLD V4.60 to V5.35
USG-FLEX version ZLD V4.60 to V5.35
VPN version ZLD V4.60 to V5.35
ZyWALL/USG version ZLD V4.60 to V4.73

 

SOLUTION:
1. Users and system administrators of affected products are advised to apply the security updates:
(1) Please upgrade ATP, USG-FLEX, USG FLEX 50(W), USG20(W)-VPN, and VPN to version ZLD V5.36 or above
(2) Please upgrade ZyWALL/USG series to version ZLD V4.73 Patch 1 or above
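
The following Python triage check is an added example, not part of the original advisory or any Zyxel tooling. It applies the affected ranges and fix versions listed above to a device inventory. The family labels, the accepted version-string formats ("V5.35", "ZLD V4.73 Patch 1") and the inventory rows are assumptions made for the example.

```python
import re

INF = float("inf")
# (family, CVE) -> (first, last) affected build as (major, minor, patch),
# taken from AFFECTED RELEASES. Family labels are chosen for this example.
# Assumption: any patch level of V5.35 is still affected (the fix is V5.36).
AFFECTED = {
    ("ATP", "CVE-2023-27991"): ((4, 32, 0), (5, 35, INF)),
    ("USG-FLEX", "CVE-2023-27991"): ((4, 50, 0), (5, 35, INF)),
    ("USG FLEX 50(W)/USG20(W)-VPN", "CVE-2023-27991"): ((4, 16, 0), (5, 35, INF)),
    ("VPN", "CVE-2023-27991"): ((4, 30, 0), (5, 35, INF)),
    ("ATP", "CVE-2023-28771"): ((4, 60, 0), (5, 35, INF)),
    ("USG-FLEX", "CVE-2023-28771"): ((4, 60, 0), (5, 35, INF)),
    ("VPN", "CVE-2023-28771"): ((4, 60, 0), (5, 35, INF)),
    # V4.73 Patch 1 is the fixed build, so only unpatched V4.73 is in range.
    ("ZyWALL/USG", "CVE-2023-28771"): ((4, 60, 0), (4, 73, 0)),
}
FAMILIES = {fam for fam, _ in AFFECTED}
FIXED = {"ZyWALL/USG": "ZLD V4.73 Patch 1"}  # every other family: ZLD V5.36
_VER = re.compile(r"V?(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?\s*$", re.I)

def parse_version(text):
    """Parse 'V5.35', 'ZLD V4.73 Patch 1' (assumed formats) into a tuple."""
    m = _VER.search(text.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m[1]), int(m[2]), int(m[3] or 0)

def check(family, version):
    """Return (CVEs whose affected range contains the build, upgrade target)."""
    if family not in FAMILIES:
        raise ValueError(f"family not listed in this advisory: {family!r}")
    v = parse_version(version)
    cves = sorted(cve for (fam, cve), (lo, hi) in AFFECTED.items()
                  if fam == family and lo <= v <= hi)
    return cves, (FIXED.get(family, "ZLD V5.36") if cves else None)

# Constructed inventory rows (hostname, family, firmware); not real devices.
INVENTORY = [("fw-branch-01", "ATP", "ZLD V4.40"),
             ("fw-branch-02", "USG-FLEX", "V5.35"),
             ("fw-hq-01", "ZyWALL/USG", "V4.73 Patch 1"),
             ("fw-hq-02", "VPN", "V5.36")]

def triage(rows):
    return {host: check(fam, ver) for host, fam, ver in rows}

if __name__ == "__main__":
    for host, (cves, target) in triage(INVENTORY).items():
        print(host, ", ".join(cves) or "outside affected ranges", target or "")
```

A result with an empty CVE list means only that the build falls outside the ranges listed in this advisory.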

 

REFERENCE:
1. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls
2. https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
3. https://nvd.nist.gov/vuln/detail/CVE-2023-27991
4. https://nvd.nist.gov/vuln/detail/CVE-2023-28771
5. https://thehackernews.com/2023/04/zyxel-firewall-devices-vulnerable-to.html
