CVE-2024-42058
NULL Pointer Dereference (CWE-476)
Summary
A null pointer dereference vulnerability has been identified in multiple Zyxel firmware versions across several product lines. The affected products and versions include: 1. Zyxel ATP series: Firmware versions V4.32 through V5.38 2. USG FLEX series: Firmware versions V4.50 through V5.38 3. USG FLEX 50(W) series: Firmware versions V5.20 through V5.38 4. USG20(W)-VPN series: Firmware versions V5.20 through V5.38 This vulnerability allows an unauthenticated attacker to cause Denial of Service (DoS) conditions by sending crafted packets to a vulnerable device.
Impact
The primary impact of this vulnerability is on the availability of the affected Zyxel devices. An attacker exploiting this vulnerability could cause a Denial of Service condition, potentially disrupting network operations and services. The vulnerability has been assigned a CVSS v3.1 base score of 7.5, which is considered "High" severity. Key impact factors: 1. Availability Impact: High 2. Confidentiality Impact: None 3. Integrity Impact: None The vulnerability is easily exploitable: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None This means that an unauthenticated attacker can exploit this vulnerability remotely with relative ease, potentially causing significant disruption to network services.
Exploitation
There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.
Patch
As of the provided information, there is no mention of an available patch. The vulnerability affects specific firmware versions, which suggests that updating to a newer firmware version (if available) might resolve the issue. However, without explicit information about a patch, it's recommended to check with Zyxel for the latest security advisories and firmware updates.
Mitigation
Given the lack of specific patch information, here are some mitigation recommendations: 1. Version Control: Identify all Zyxel devices in your network that are running the affected firmware versions. 2. Firmware Updates: Regularly check for and apply the latest firmware updates from Zyxel, as they may release a patched version to address this vulnerability. 3. Network Segmentation: Implement strong network segmentation to isolate affected devices and limit potential impact. 4. Access Control: Implement strict access controls and firewall rules to limit network exposure of the affected devices, especially from untrusted networks. 5. Monitoring: Enhance monitoring for unusual traffic patterns or potential DoS attempts targeting these devices. 6. Incident Response: Update incident response plans to include procedures for handling potential DoS attacks on network infrastructure devices. 7. Vendor Communication: Stay in close contact with Zyxel for updates on patches or additional mitigation strategies. 8. Risk Assessment: Conduct a risk assessment to determine the criticality of affected devices and prioritize mitigation efforts accordingly. Given the high CVSS score and the ease of exploitation, addressing this vulnerability should be considered a high priority, especially for devices exposed to untrusted networks.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Timeline
NVD published the first details for CVE-2024-42058
Feedly found the first article mentioning CVE-2024-42058. See article
CVE-2024-42058 is a critical null pointer dereference vulnerability in Zyxel firewall versions that could lead to denial of service attacks by unauthenticated attackers. It is currently not known if this vulnerability is being exploited in the wild. Zyxel has released patches to address this vulnerability, and users are advised to apply them immediately to mitigate the risk of exploitation. See article
Feedly estimated the CVSS score as MEDIUM
EPSS Score was set to: 0.05% (Percentile: 17.7%)