Critical security update (May 24, 2023) for all Zyxel firewall products – attacks in the wild

The Taiwanese vendor Zyxel has released a very critical security update for all security products. The security warning covers several buffer overflow vulnerabilities (CVE-2023-33009, CVE-2023-33010). I have evidence that the vulnerabilities are already being exploited in Zyxel firewall products.



I was alerted to the following tweet by blog reader Patrik Stolz (thanks for that) on Twitter. The tweet addresses Zyxel's current security warning dated May 24, 2023.

Zyxel security advisory May 24, 2023

In the advisory "Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls", the manufacturer reports the release of patches for its firewall products that are affected by multiple buffer overflow vulnerabilities. Users are advised to install these patches for optimal protection. The vulnerabilities in question are as follows:

  • CVE-2023-33009: A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial of service (DoS) conditions and even remote code execution on an affected device.
  • CVE-2023-33010: A buffer overflow vulnerability in the ID processing function in some firewall versions could allow an unauthenticated attacker to cause DoS conditions and even remote code execution on an affected device.

Zyxel has investigated the vulnerabilities, lists the following firewall and VPN products as vulnerable, and provides updates that close the vulnerabilities.

| Affected series | Affected version | Patch availability |
|---|---|---|
| ATP | ZLD V4.32 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| USG FLEX | ZLD V4.50 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| USG FLEX50(W) / USG20(W)-VPN | ZLD V4.25 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| VPN | ZLD V4.30 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| ZyWALL/USG | ZLD V4.25 to V4.73 Patch 1 | |

The security updates should be installed immediately, as the vulnerabilities are being exploited by attackers in the wild (even though Zyxel has not published any details about the vulnerabilities).
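To find out which devices in an inventory fall inside the affected ranges listed in the table above, a check like the following can be used. It is an added example, not code from Zyxel or from this blog; the host names and inventory entries are constructed, and it assumes firmware versions are recorded in the same notation the table uses ("ZLD V5.36 Patch 1").

```python
import re

# Affected ranges copied from the table above: series -> (first, last affected).
# Versions are (major, minor, patch level); a version without "Patch n" is patch 0.
AFFECTED = {
    "ATP": ((4, 32, 0), (5, 36, 1)),
    "USG FLEX": ((4, 50, 0), (5, 36, 1)),
    "USG FLEX50(W)": ((4, 25, 0), (5, 36, 1)),
    "USG20(W)-VPN": ((4, 25, 0), (5, 36, 1)),
    "VPN": ((4, 30, 0), (5, 36, 1)),
    "ZYWALL/USG": ((4, 25, 0), (4, 73, 1)),
}

# Assumption: versions are written as in the table, e.g. "ZLD V5.36 Patch 1".
VERSION_RE = re.compile(r"V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?", re.IGNORECASE)

def parse_version(text):
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def classify(series, version_text):
    key = series.strip().upper()
    if key not in AFFECTED:
        return "unknown-series"
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparsed-version"  # needs a manual look, never assume it is fine
    low, high = AFFECTED[key]
    if low <= version <= high:
        return "affected"
    return "below-listed-range" if version < low else "above-listed-range"

# Constructed sample inventory: (host, series, firmware string).
INVENTORY = [
    ("fw-branch-01", "ATP", "ZLD V5.36 Patch 1"),
    ("fw-branch-02", "USG FLEX", "ZLD V5.36 Patch 2"),
    ("fw-legacy-01", "ZyWALL/USG", "ZLD V4.73 Patch 1"),
    ("fw-lab-01", "VPN", "firmware unknown"),
]

def audit(inventory):
    return {host: classify(series, ver) for host, series, ver in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

A result of "below-listed-range" or "above-listed-range" only means the version is outside the ranges the table lists; devices reported as "unparsed-version" or "unknown-series" have to be checked by hand.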



Addendum: A second article, titled "Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls – Unstable VPN Connection & Webinterface Login Issues", was published a few minutes ago. It describes issues and vulnerabilities and links to hotfixes. Administrators should check whether their products have been compromised (new accounts etc.).



