FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2023-6764

Use of Externally-Controlled Format String (CWE-134)

Published: Feb 20, 2024 / Updated: 9mo ago

010
CVSS 8.1EPSS 0.04%High
CVE info copied to clipboard

A format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device’s memory layout and configuration.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2023-6764

Feb 19, 2024 at 7:15 PM
First Article

Feedly found the first article mentioning CVE-2023-6764. See article

Feb 20, 2024 at 2:06 AM / Zyxel – Leader in Secure, AI-Powered Cloud Networking Solutions
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Feb 20, 2024 at 3:04 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 6.7%)

Feb 20, 2024 at 3:07 PM
Static CVE Timeline Graph

Affected Systems

Zyxel/atp
+null more

Attack Patterns

CAPEC-135: Format String Injection
+null more

News

Cyber Security Daily News 29/02/2024
RSS feed of Cybersechub.hk / 8mo
The advisory highlights the broader risk posed by ransomware and the evolving tactics of cybercriminals targeting critical systems and software vulnerabilities.(Source: The Hacker News) Security researchers discovered about 100 AI and ML models on the Hugging Face platform containing malicious code capable of executing on users' machines, potentially establishing a backdoor for attackers.
Zyxel Firewall Flaw Let Attackers Execute Remote Code
Cyber Security News - The Reddit of Infosec / 8mo
Four new vulnerabilities have been discovered in some of the Zyxel Firewall and access point (AP) versions that are associated with Denial of Service, OS Command Injection, and Remote code execution. This vulnerability exists in the file upload binary in Zyxel ATP series devices that could allow an authentication threat actor to execute operating system commands on the affected device via FTP with administrative privileges.
SANS NewsBites Vol. 26 Num. 16 : Healthcare Compromise Still Affecting Pharmacy Billing, LockBit Won’t Stay Down, SolarWinds Cyberthreat Actors Using New TTPs
SANS NewsBites / 8mo
An alert published jointly by intelligence and cyber agencies from the Five Eyes countries, (Australia, Canada, New Zealand, the TUK, and the US) warns that the cyberthreat actors responsible for the SolarWinds attack are developing tactics to target assets held in the cloud infrastructure. - www.securityweek.com : LockBit Ransomware Gang Resurfaces With New Leak Site
Zyxel fixed four bugs in firewalls and access points
Cyber Security News - The Reddit of Infosec / 8mo
CVE-2023-6399 – A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled. Taiwanese vendor Zyxel warns of security vulnerabilities in its firewalls and access points, including a remote code execution flaw.
Zyxel Issues Security Advisory for Multiple Vulnerabilities in Firewalls and APs
Cyware News - Latest Cyber News / 8mo
A format string vulnerability in some firewall versions could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled. A null pointer dereference vulnerability in some firewall versions could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the “Anti-Malware” feature enabled.
See 24 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:High
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

CVSS 8.1(18246)CWE-134(336)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial