CVE-2024-6343
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
Published: Sep 3, 2024 / Updated: 2mo ago

010

CVSS 4.9EPSS 0.04%Medium

CVE info copied to clipboard

Summary

A buffer overflow vulnerability exists in the CGI program of specific Zyxel firewall series and firmware versions. The affected products include: 1. ATP series firmware versions V4.32 through V5.38 2. USG FLEX series firmware versions V4.50 through V5.38 3. USG FLEX 50(W) series firmware versions V4.16 through V5.38 4. USG20(W)-VPN series firmware versions V4.16 through V5.38 This vulnerability could allow an authenticated attacker with administrator privileges to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

Impact

If exploited, this vulnerability could lead to a denial of service (DoS) condition on the affected Zyxel devices. The impact is primarily on the availability of the system, with no direct effect on confidentiality or integrity. The CVSS v3.1 base score for this vulnerability is 4.9, which is considered "Medium" severity. The attack vector is network-based (AV:N), with low attack complexity (AC:L). However, it requires high privileges (PR:H) to exploit, which somewhat mitigates the risk. No user interaction (UI:N) is needed for the attack. It's important to note that while the impact is limited to availability, a DoS condition on a firewall or security gateway could potentially disrupt network operations and security, which could be critical for many organizations.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available for this vulnerability. Zyxel has released security updates to address this issue. The patch information was added on September 5, 2024, and can be found on the Zyxel website at: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-09-03-2024

Mitigation

To mitigate this vulnerability, the following steps are recommended: 1. Update affected devices to the latest firmware version as provided by Zyxel in their security advisory. 2. If immediate patching is not possible, implement strict access controls to limit who can authenticate with administrator privileges. 3. Monitor systems for any unusual activity or unexpected denial of service conditions. 4. Implement network segmentation to minimize the potential impact if a device is compromised. 5. Regularly review and audit administrator accounts to ensure they are necessary and properly secured. 6. Consider implementing additional network monitoring tools to detect potential exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-6343

Sep 3, 2024 at 2:15 AM

First Article

Feedly found the first article mentioning CVE-2024-6343. See article

Sep 3, 2024 at 2:16 AM / CVE

Threat Intelligence Report

CVE-2024-6343 is a critical buffer overflow vulnerability in Zyxel firewall versions that could allow an authenticated attacker to cause denial of service conditions. While there is no information on exploitation in the wild or proof-of-concept exploits, Zyxel has released patches to address this vulnerability. It is important for organizations using affected firewall versions to apply the patches promptly to prevent potential security risks and downstream impacts. See article

Sep 3, 2024 at 2:16 AM

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 3, 2024 at 2:17 AM

CVSS

A CVSS base score of 4.9 has been assigned.

Sep 3, 2024 at 2:20 AM / nvd

EPSS

EPSS Score was set to: 0.04% (Percentile: 14.1%)

Sep 3, 2024 at 9:38 AM

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (206735)