CVE-2023-28771
Zyxel Multiple Firewalls OS Command Injection Vulnerability
CVSS
—
Sin CVSS
EPSS
99.3%
p100
KEV
SÍ
31 may 2023
Exploit Today
80
0-100
Publicado: — · Última mod.: —
Producto
Zyxel / Multiple Firewalls
Vulnerabilidad
Zyxel Multiple Firewalls OS Command Injection Vulnerability
Añadido a KEV
31 may 2023
Remediar antes de
21 jun 2023
Uso conocido en ransomware
No
Descripción resumida
Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.
Acción requerida
Apply updates per vendor instructions.
Notas
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771