CVE-2022-2030
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Published: Jul 19, 2022 / Updated: 28mo ago
010
CVSS 6.5EPSS 0.07%Medium
CVE info copied to clipboard
A directory traversal vulnerability caused by specific character sequences within an improperly sanitized URL was identified in some CGI programs of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.11 through 4.72, that could allow an authenticated attacker to access some restricted files on a vulnerable device.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Timeline
First Article
Feedly found the first article mentioning CVE-2022-2030. See article
Jul 19, 2022 at 6:21 AM / twitter.com
EPSS
EPSS Score was set to: 0.07% (Percentile: 27.7%)
Sep 17, 2023 at 11:51 PM
Affected Systems
Zyxel/usg_flex_700_firmware
+null more
Patches
www.zyxel.com
+null more
Attack Patterns
CAPEC-126: Path Traversal
+null more
References
Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls | Zyxel
Zyxel has released patches for products affected by local privilege escalation and authenticated directory traversal vulnerabilities. A privilege escalation vulnerability was identified in the CLI command of some firewall versions that could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
Cybersecurity Week in Review (9/9/22)
Once deployed on a targeted host, the attack chain downloads and executes the Metasploit’s Mettle meterpreter to maximize control, exploits vulnerabilities to elevate its privileges, adds persistence on the host via crontab, and ultimately launches a cryptocurrency miner on infected devices. Successful exploitation of the above vulnerabilities could cause a remote denial-of-service (DoS), or enable an attacker with physical access to the device to extract sensitive information or alternatively carry out adversary-in-the-middle attacks.
News
Big update to my Semgrep C/C++ ruleset - hn security
Coming back to our static analysis methodology, here’s a simplified outline that can be used to quickly audit a large codebase with the help of Semgrep: Read the documentation, especially about past vulnerabilities, to uncover attack surface and interesting paths. My Semgrep ruleset (as well as some other tools I’ve released in the past) should help with the bottom-up approach, by isolating hotspots in code where bugs are likely to manifest.
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released
“A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet,” the company said in an advisory released on September 6. Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices.
Cybersecurity Week in Review (9/9/22)
Once deployed on a targeted host, the attack chain downloads and executes the Metasploit’s Mettle meterpreter to maximize control, exploits vulnerabilities to elevate its privileges, adds persistence on the host via crontab, and ultimately launches a cryptocurrency miner on infected devices. Successful exploitation of the above vulnerabilities could cause a remote denial-of-service (DoS), or enable an attacker with physical access to the device to extract sensitive information or alternatively carry out adversary-in-the-middle attacks.
Zyxel Updates NAS Devices to Fix Potential Security Flaw
Shaposhnikov Ilya alerted about a major security vulnerability, targeting Zyxel’s network-attached storage (NAS) devices. This revelation follows Zyxel’s July patching of the CVE-2022-30526 and CVE-2022-2030 vulnerabilities impacting its firewall products, which affect local root access and authenticated directory traverse.
Zyxel Updates NAS Devices to Fix Potential Security Flaw
CVE-2022-26532: Certain firewall, AP controller, and AP versions contain the 'packet-trace' CLI command that contains a command injection vulnerability that might allow a local, authorized attacker to execute arbitrary OS instructions by providing specially crafted inputs to the function. This revelation follows Zyxel's July patching of the CVE-2022-30526 and CVE-2022-2030 vulnerabilities impacting its firewall products, which affect local root access and authenticated directory traverse.
See 28 more articles and social media posts