CVE-2023-4397

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

CVSS v3 4.4 MEDIUM

4.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:atp100:-:::::::*
	cpe:2.3:h:zyxel:atp100w:-:::::::*
	cpe:2.3:h:zyxel:atp200:-:::::::*
	cpe:2.3:h:zyxel:atp500:-:::::::*
	cpe:2.3:h:zyxel:atp700:-:::::::*
	cpe:2.3:h:zyxel:atp800:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_flex_100:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_200:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_500:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_700:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:zld:5.37:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_20w-vpn:-:::::::*
	cpe:2.3:h:zyxel:vpn50w:-:::::::*

History

04 Dec 2023, 18:05

Type	Values Removed	Values Added
First Time		Zyxel usg Flex 200 Zyxel zld Zyxel atp500 Zyxel Zyxel usg Flex 50 Zyxel vpn50w Zyxel atp800 Zyxel atp100w Zyxel atp200 Zyxel atp700 Zyxel atp100 Zyxel usg Flex 100w Zyxel usg Flex 500 Zyxel usg 20w-vpn Zyxel usg Flex 50w Zyxel usg Flex 100 Zyxel usg Flex 700
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps -~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory
CPE		cpe:2.3:h:zyxel:usg_flex_100:-:::::::* cpe:2.3:h:zyxel:vpn50w:-:::::::* cpe:2.3:h:zyxel:usg_flex_50:-:::::::* cpe:2.3:h:zyxel:usg_flex_200:-:::::::* cpe:2.3:h:zyxel:usg_flex_700:-:::::::* cpe:2.3:h:zyxel:usg_flex_100w:-:::::::* cpe:2.3:h:zyxel:usg_flex_50w:-:::::::* cpe:2.3:h:zyxel:usg_flex_500:-:::::::* cpe:2.3:o:zyxel:zld:5.37:::::::* cpe:2.3:h:zyxel:atp800:-:::::::* cpe:2.3:h:zyxel:usg_20w-vpn:-:::::::* cpe:2.3:h:zyxel:atp700:-:::::::* cpe:2.3:h:zyxel:atp100w:-:::::::* cpe:2.3:h:zyxel:atp500:-:::::::* cpe:2.3:h:zyxel:atp200:-:::::::* cpe:2.3:h:zyxel:atp100:-:::::::*

28 Nov 2023, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-28 02:15

Updated : 2023-12-10 15:26

NVD link : CVE-2023-4397

Mitre link : CVE-2023-4397

CVE.ORG link : CVE-2023-4397

JSON object : View

Products Affected

zyxel

zld
usg_20w-vpn
atp500
usg_flex_100
usg_flex_100w
usg_flex_700
vpn50w
atp700
usg_flex_500
atp100w
usg_flex_200
atp100
usg_flex_50
atp800
atp200
usg_flex_50w

CWE

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

4.4 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

JSON object

Attach tags to CVE-2023-4397

4.4^/10

Attach tags to `CVE-2023-4397`