An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.
References
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
History
01 Dec 2023, 21:43
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:* cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:* cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:* cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:* |
|
| First Time |
Zyxel usg Flex 200
Zyxel zld Zyxel vpn100 Zyxel Zyxel vpn50 Zyxel usg Flex 50 Zyxel usg Flex 100w Zyxel vpn1000 Zyxel usg Flex 500 Zyxel usg Flex 50w Zyxel vpn300 Zyxel usg Flex 100 Zyxel usg Flex 700 |
|
| References | () https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-apsĀ - Vendor Advisory |
28 Nov 2023, 03:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-11-28 03:15
Updated : 2023-12-10 15:26
NVD link : CVE-2023-5960
Mitre link : CVE-2023-5960
CVE.ORG link : CVE-2023-5960
JSON object : View
Products Affected
zyxel
- usg_flex_500
- zld
- vpn1000
- vpn50
- usg_flex_100
- usg_flex_50
- vpn100
- usg_flex_50w
- usg_flex_200
- usg_flex_700
- vpn300
- usg_flex_100w
CWE
CWE-269
Improper Privilege Management