CVE-2023-6397

NULL Pointer Dereference (CWE-476)

Published: Feb 20, 2024 / Updated: 9mo ago

CVSS 6.5 / EPSS 0.04% / Medium

A null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2023-6397

Feb 19, 2024 at 6:15 PM
First Article

Feedly found the first article mentioning CVE-2023-6397.

Feb 20, 2024 at 2:06 AM / CVE
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Feb 20, 2024 at 2:07 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 10.3%)

Feb 20, 2024 at 3:07 PM

Affected Systems

Zyxel/atp

News

Cyber Security Daily News 29/02/2024
The advisory highlights the broader risk posed by ransomware and the evolving tactics of cybercriminals targeting critical systems and software vulnerabilities. (Source: The Hacker News) Security researchers discovered about 100 AI and ML models on the Hugging Face platform containing malicious code capable of executing on users' machines, potentially establishing a backdoor for attackers.
Breach Roundup: White House Calls for Memory-Safe Languages - BankInfoSecurity.com
This week, the Biden administration urged software developers to adopt memory-safe programming languages and moved to restrict Chinese connected cars, a pharma giant was breached, researchers found malicious repos in GitHub, the Phobos RaaS group is targeting the U.S., and Zyxel patched devices. The Biden administration advocated for an industrywide shift to memory-safe programming languages such as Rust to mitigate memory-safety vulnerabilities in software.
Zyxel Firewall Flaw Let Attackers Execute Remote Code
Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access point (AP) versions that are associated with Denial of Service, OS Command Injection, and Remote Code Execution. This vulnerability exists in the file upload binary in Zyxel ATP series devices that could allow an authenticated threat actor to execute operating system commands on the affected device via FTP with administrative privileges.
SANS NewsBites Vol. 26 Num. 16 : Healthcare Compromise Still Affecting Pharmacy Billing, LockBit Won’t Stay Down, SolarWinds Cyberthreat Actors Using New TTPs
An alert published jointly by intelligence and cyber agencies from the Five Eyes countries (Australia, Canada, New Zealand, the UK, and the US) warns that the cyberthreat actors responsible for the SolarWinds attack are developing tactics to target assets held in the cloud infrastructure. - www.securityweek.com : LockBit Ransomware Gang Resurfaces With New Leak Site
Zyxel fixed four bugs in firewalls and access points
CVE-2023-6399 – A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled. Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw.

CVSS V3.1

Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability Impact: High
