CVE-2022-0342

Improper Authentication (CWE-287)

Published: Mar 28, 2022 / Updated: 32mo ago

CVSS 9.8 (Critical) / EPSS 0.19%

Summary

An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware, USG FLEX series firmware, ATP series firmware, VPN series firmware, and NSG series firmware. This vulnerability could allow an attacker to bypass the web authentication and obtain administrative access to the device.

Impact

This vulnerability allows an attacker to bypass web authentication and gain administrative access to the affected Zyxel devices. With administrative access, an attacker could potentially modify device configurations, intercept or manipulate network traffic, create backdoors, or use the compromised device as a foothold for further network intrusion. The impact is severe as it affects the confidentiality, integrity, and availability of the device and potentially the entire network it protects.

Exploitation

There is no evidence that a public proof-of-concept exploit exists, and there is no evidence of exploitation at the moment.

Patch

A patch is available. Zyxel has released updated firmware versions to address this vulnerability. Users should update to the latest firmware version for their specific device model.

Mitigation

1. Update firmware immediately to the latest version provided by Zyxel for the specific device model.
2. If immediate patching is not possible, consider temporarily disabling web administration access or restricting it to trusted IP addresses only.
3. Monitor logs for any suspicious authentication attempts or unexpected administrative actions.
4. Implement network segmentation to limit potential impact if a device is compromised.
5. Regularly review and audit device configurations and access logs.
6. Implement strong, unique passwords for all administrative accounts.
7. Use multi-factor authentication for administrative access if supported by the device.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-0342.

Mar 28, 2022 at 12:38 PM / unknown
EPSS

EPSS Score was set to: 0.19% (Percentile: 56%)

Sep 18, 2023 at 1:31 PM
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 21, 2024 at 9:08 PM / nvd
Threat Intelligence Report

CVE-2022-0342 is a critical vulnerability related to authentication bypass in Zyxel USG/ZyWALL devices, as indicated by the ET WEB_SPECIFIC_APPS rule. The details regarding its exploitation in the wild, CVSS score, proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors are not provided in the given information. Further investigation is necessary to assess the full scope and implications of this vulnerability.

Oct 22, 2024 at 7:58 PM

Affected Systems

Zyxel/usg_flex_100_firmware

Patches

www.zyxel.com

Links to MITRE ATT&CK

T1548: Abuse Elevation Control Mechanism

Attack Patterns

CAPEC-114: Authentication Abuse

References

Zyxel security advisory for authentication bypass vulnerability of firewalls
Zyxel has released patches for products affected by the authentication bypass vulnerability. An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions.
Ruleset Update Summary - 2024/10/22 - v10725
2056751 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (captaitwik .sbs in TLS SNI) (malware.rules)
2056753 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (deepymouthi .sbs in TLS SNI) (malware.rules)
Daily Vulnerability Trends: Sat Jul 30 2022
CVE-2022-244622: No description provided.
CVE-2021-26084: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.
CVE-2022-26134: In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance.

News

CPAI-2022-2139
Weekly Detection Rule (YARA and Snort) Information – Week 5, October 2024
The following is the information on YARA and Snort rules (week 5, October 2024) collected and shared by the AhnLab TIP service.
5 YARA Rules
Detection name / Description / Source
PK_EDD_prncpal / Phishing Kit impersonating Employment Development Department California (EDD) / https://github.com/t4d/PhishingKit-Yara-Rules
PK_Eika_oio / Phishing Kit impersonating Eika Bank / https://github.com/t4d/PhishingKit-Yara-Rules
PK_Huntington_code0t17 / Phishing Kit impersonating Huntington bank / https://github.com/t4d/PhishingKit-Yara-Rules
PK_LeBonCoin_2022 / Phishing […]
The post Weekly Detection Rule (YARA and Snort) Information – Week 5, October 2024 appeared first on ASEC.
VPN Vulnerability Report 2023 - Top10VPN
Code Execution and Injection, which is the most common category of vulnerabilities across the dataset, refers to flaws and weaknesses in software that permit attackers to run malicious or arbitrary code. Some common types of vulnerabilities in this category include unauthorized users accessing or reading files they shouldn’t be able to, often due to misconfigurations or design flaws, sending data over the network without proper encryption, which can lead to information interception, and systems not sufficiently encrypting or masking sensitive data, making it easily accessible.
Big update to my Semgrep C/C++ ruleset - hn security
Coming back to our static analysis methodology, here’s a simplified outline that can be used to quickly audit a large codebase with the help of Semgrep: Read the documentation, especially about past vulnerabilities, to uncover attack surface and interesting paths. My Semgrep ruleset (as well as some other tools I’ve released in the past) should help with the bottom-up approach, by isolating hotspots in code where bugs are likely to manifest.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
