← Voltar para CVEs
CVE-2023-33009
CRITICALCISA KEV9.8
Descricao
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado5/24/2023
Ultima modificacao2/26/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorZyxel
ProdutoMultiple Firewalls
Nome da vulnerabilidadeZyxel Multiple Firewalls Buffer Overflow Vulnerability
Data inclusao KEV2023-06-05
Prazo de remediacao2023-06-26
Uso em ransomwareUnknown
Produtos afetados
zyxel:atp100zyxel:atp100_firmwarezyxel:atp100wzyxel:atp100w_firmwarezyxel:atp200zyxel:atp200_firmwarezyxel:atp500zyxel:atp500_firmwarezyxel:atp700zyxel:atp700_firmwarezyxel:atp800zyxel:atp800_firmwarezyxel:usg20-vpnzyxel:usg20-vpn_firmwarezyxel:usg_20w-vpnzyxel:usg_20w-vpn_firmwarezyxel:usg_40zyxel:usg_40_firmwarezyxel:usg_40wzyxel:usg_40w_firmwarezyxel:usg_60zyxel:usg_60_firmwarezyxel:usg_60wzyxel:usg_60w_firmwarezyxel:usg_flex_100zyxel:usg_flex_100_firmwarezyxel:usg_flex_100wzyxel:usg_flex_100w_firmwarezyxel:usg_flex_200zyxel:usg_flex_200_firmwarezyxel:usg_flex_50zyxel:usg_flex_500zyxel:usg_flex_500_firmwarezyxel:usg_flex_50_firmwarezyxel:usg_flex_50wzyxel:usg_flex_50w_firmwarezyxel:usg_flex_700zyxel:usg_flex_700_firmwarezyxel:vpn100zyxel:vpn1000zyxel:vpn1000_firmwarezyxel:vpn100_firmwarezyxel:vpn300zyxel:vpn300_firmwarezyxel:vpn50zyxel:vpn50_firmware
Fraquezas (CWE)
CWE-120CWE-120
Referencias
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls(security@zyxel.com.tw)
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-33009(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.