CVE-2022-30526

Improper Privilege Management (CWE-269)

Published: Jul 19, 2022 / Updated: 28mo ago

CVSS: 7.8 (High) / EPSS: 0.12%

Summary

A privilege escalation vulnerability was identified in the CLI command of various Zyxel firewall devices including USG FLEX series, USG20(W)-VPN, ATP series, VPN series, and USG/ZyWALL series across multiple firmware versions. This vulnerability could allow a local attacker to execute some OS commands with root privileges in certain directories on a vulnerable device.

Impact

This vulnerability allows a local attacker with low privileges to execute OS commands with root privileges in specific directories. This can lead to complete system compromise, potentially allowing the attacker to gain full control over the affected device. The attacker could modify system configurations, access sensitive information, or use the compromised device as a pivot point for further attacks on the network.

Exploitation

Multiple proof-of-concept exploits are available on packetstormsecurity.com and github.com. There is no evidence of exploitation in the wild at the moment.

Patch

A patch is available. Zyxel has released security updates to address this vulnerability. Users should refer to the Zyxel security advisory for specific patch information and update instructions.

Mitigation

1. Update the firmware of affected Zyxel devices to the latest patched version as provided by Zyxel.
2. Implement the principle of least privilege, ensuring that users and processes have only the minimum levels of access necessary.
3. Monitor and audit system activities, especially those involving privileged operations.
4. Restrict physical and network access to the affected devices to trusted administrators only.
5. Implement network segmentation to limit the potential impact if a device is compromised.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2022-30526.

Jul 19, 2022 at 6:01 AM / twitter.com
Threat Intelligence Report

The privilege escalation vulnerability CVE-2022-30526 in Zyxel USG FLEX and other firmware versions allows a local attacker to execute OS commands with root privileges, posing a critical risk to affected devices. As of now, there are no reports of this vulnerability being exploited in the wild, but proof-of-concept exploits may emerge. Mitigations, detections, and patches are not yet available, potentially impacting other third-party vendors who rely on Zyxel technology.

Jul 21, 2022 at 7:10 AM
EPSS

EPSS Score was set to: 0.12% (Percentile: 45.3%)

Sep 17, 2023 at 11:51 PM

Affected Systems

Zyxel/usg40_firmware

Exploits

http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html

Patches

www.zyxel.com

Links to Mitre Att&cks

T1548: Abuse Elevation Control Mechanism

Attack Patterns

CAPEC-122: Privilege Abuse

References

Zyxel security advisory for local privilege escalation and authenticated directory traversal vulnerabilities of firewalls | Zyxel
Zyxel has released patches for products affected by local privilege escalation and authenticated directory traversal vulnerabilities. A privilege escalation vulnerability was identified in the CLI command of some firewall versions that could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device.
CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation
Rapid7 discovered a local privilege escalation vulnerability affecting Zyxel firewalls. The vulnerability allows a low privileged user, such as, to escalate to on affected firewalls.

News

BrandPost: Countering the dramatic acceleration and proliferation of cyber threats
The ability of the government and enterprise to be more agile in cyber security response is going to be critical, because one of the biggest challenges facing the security industry is not just the variety of attacks or their raw numbers, but also just how quickly malicious actors and their threats can operate. In order to develop policies and practices that mitigate the risk of faster time to exploitation, security practitioners need not only detailed guidance, but also the "why" behind it, and that means vulnerability details, delivered transparently, in ways accessible to security teams and researchers.
"CVE-2022-30526 (Fixed): Zyxel Firewall Local Privilege Escalation" #redteam #infosec #pentest https://www.rapid7.com/blog/post/2022/07/19/cve-2022-30526-fixed-zyxel-firewall-local-privilege-escalation/
CVE-2022-30526 Exploit
CVE Id : CVE-2022-30526 Published Date: 2022-12-13T15:38:00+00:00 A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. inTheWild added a link to an exploit: http://packetstormsecurity.com/files/168202/Zyxel-Firewall-SUID-Binary-Privilege-Escalation.html
CVE-2022-30526 (atp100_firmware, atp100w_firmware, atp200_firmware, atp500_firmware, atp700_firmware, atp800_firmware, usg_2200-vpn_firmware, usg_flex_100w_firmware, usg_flex_200_firmware, usg_flex_500_firmware, usg_flex_50w_firmware, usg_flex_700_firmware, usg20-vpn_firmware, usg20w-vpn_firmware,....
Vendor Advisory: https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released
“A format string vulnerability was found in a specific binary of Zyxel NAS products that could allow an attacker to achieve unauthorized remote code execution via a crafted UDP packet,” the company said in an advisory released on September 6. Networking equipment maker Zyxel has released patches for a critical security flaw impacting its network-attached storage (NAS) devices.

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
