The Taiwanese vendor Zyxel has released a very critical security update for its security products. The security advisory states that the products are affected by several buffer overflow vulnerabilities (CVE-2023-33009, CVE-2023-33010). I have evidence that the vulnerabilities are already being exploited in Zyxel firewall products.
I was alerted to the following tweet by blog reader Patrik Stolz (thanks for that) on Twitter. The tweet addresses Zyxel's current security warning dated May 24, 2023.
In the advisory titled Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls, the manufacturer reports the release of patches for its firewall products that are affected by multiple buffer overflow vulnerabilities. Users are advised to install these patches for optimal protection. The vulnerabilities in question are as follows:
- CVE-2023-33009: A buffer overflow vulnerability in the notification function in some firewall versions could allow an unauthenticated attacker to cause denial of service (DoS) conditions and even remote code execution on an affected device.
- CVE-2023-33010: A buffer overflow vulnerability in the ID processing function in some firewall versions could allow an unauthenticated attacker to cause DoS conditions and even remote code execution on an affected device.
Zyxel has investigated the vulnerabilities and lists the following firewall and VPN products as vulnerable, together with the updates that close the vulnerabilities:
| Affected series | Affected version | Patch availability |
|---|---|---|
| ATP | ZLD V4.32 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| USG FLEX | ZLD V4.50 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| USG FLEX50(W) / USG20(W)-VPN | ZLD V4.25 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| VPN | ZLD V4.30 to V5.36 Patch 1 | ZLD V5.36 Patch 2 |
| ZyWALL/USG | ZLD V4.25 to V4.73 Patch 1 | |
The security updates should be installed immediately, as the vulnerabilities are being exploited by attackers in the wild (even though Zyxel has not published any details about the vulnerabilities).
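For administrators who manage several Zyxel devices, the advisory table above can be turned into a quick inventory check: parse the ZLD version string each device reports, compare it against the affected range for its series, and flag what needs the patch. The following script is an added example written for this post; it is not a tool from Zyxel, and the device inventory at the bottom is constructed sample data. It encodes only the ranges shown in the table, so a version below a series' lower bound is reported as "not in affected range" without any claim about whether such old firmware is safe.

```python
import re
from typing import NamedTuple, Optional


class ZldVersion(NamedTuple):
    """ZLD firmware version as (major, minor, patch); 'Patch 0' means no patch suffix.

    Tuple ordering gives the comparison we need: V5.36 < V5.36 Patch 1 < V5.36 Patch 2.
    """
    major: int
    minor: int
    patch: int


# Matches "ZLD V5.36 Patch 1" as well as "ZLD V4.32" (no patch suffix).
_VERSION_RE = re.compile(r"ZLD\s+V(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?", re.IGNORECASE)


def parse_zld(text: str) -> ZldVersion:
    """Parse a ZLD version string; raise ValueError on anything unrecognised."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    return ZldVersion(int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


# Affected ranges (inclusive) and fix version per series, taken from the advisory table.
# ZyWALL/USG has no patch listed in the table, hence None.
AFFECTED: dict[str, tuple[ZldVersion, ZldVersion, Optional[str]]] = {
    "ATP": (parse_zld("ZLD V4.32"), parse_zld("ZLD V5.36 Patch 1"), "ZLD V5.36 Patch 2"),
    "USG FLEX": (parse_zld("ZLD V4.50"), parse_zld("ZLD V5.36 Patch 1"), "ZLD V5.36 Patch 2"),
    "USG FLEX50(W) / USG20(W)-VPN": (parse_zld("ZLD V4.25"), parse_zld("ZLD V5.36 Patch 1"), "ZLD V5.36 Patch 2"),
    "VPN": (parse_zld("ZLD V4.30"), parse_zld("ZLD V5.36 Patch 1"), "ZLD V5.36 Patch 2"),
    "ZyWALL/USG": (parse_zld("ZLD V4.25"), parse_zld("ZLD V4.73 Patch 1"), None),
}


def assess(series: str, running: str) -> str:
    """Return a one-line verdict for a device of the given series running 'running'."""
    low, high, fix = AFFECTED[series]
    version = parse_zld(running)
    if low <= version <= high:
        if fix is None:
            return "AFFECTED - no patch listed in advisory"
        return f"AFFECTED - upgrade to {fix}"
    return "not in affected range"


def report(inventory: list[tuple[str, str, str]]) -> list[tuple[str, str]]:
    """Map (hostname, series, version) records to (hostname, verdict) pairs."""
    return [(host, assess(series, version)) for host, series, version in inventory]


# Constructed sample inventory (hypothetical hostnames and versions, not real devices).
SAMPLE_INVENTORY = [
    ("fw-branch-01", "ATP", "ZLD V5.36 Patch 1"),
    ("fw-hq-01", "USG FLEX", "ZLD V5.36 Patch 2"),
    ("fw-legacy-01", "ZyWALL/USG", "ZLD V4.73"),
    ("vpn-gw-01", "VPN", "ZLD V4.25"),
]

if __name__ == "__main__":
    for host, verdict in report(SAMPLE_INVENTORY):
        print(f"{host:15} {verdict}")
```

The version is modelled as a tuple so that the "Patch N" suffix is compared after major and minor, which is what makes "V5.36 Patch 1" fall inside the affected range while "V5.36 Patch 2" falls outside it. Anything that does not parse raises rather than silently passing, so an unexpected firmware string in an inventory export cannot be mistaken for a patched device.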
Addendum: There is a second article, titled Zyxel security advisory for multiple buffer overflow vulnerabilities of firewalls – Unstable VPN Connection & Webinterface Login Issues, that was published a few minutes ago. It describes issues and vulnerabilities and links to hotfixes. Administrators should also check whether their devices have been compromised (new accounts etc.).