CVE-2024-7203

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (CWE-78)

Published: Sep 3, 2024 / Updated: 2mo ago

CVSS 7.2 / EPSS 0.05% / Severity: High

Summary

A post-authentication command injection vulnerability exists in Zyxel ATP series and USG FLEX series firmware. This vulnerability affects firmware versions from V4.60 through V5.38 for both product lines. An authenticated attacker with administrator privileges could exploit this vulnerability to execute some operating system (OS) commands on an affected device by executing a crafted CLI command.

Impact

If exploited, this vulnerability could allow an attacker to execute arbitrary OS commands on the affected Zyxel devices. This could lead to unauthorized access, data theft, system manipulation, or potential service disruption. The impact is significant as it affects the confidentiality, integrity, and availability of the system, all rated as "HIGH" in the CVSS score. The attack vector is network-based, requiring no user interaction, which increases the potential for remote exploitation.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Zyxel has released security updates to address this vulnerability. The patch details were added on September 5, 2024, and can be found on the Zyxel website. Users should refer to the Zyxel security advisory for specific update instructions and download links.

Mitigation

1. Update affected Zyxel ATP series and USG FLEX series devices to firmware versions newer than V5.38 as soon as possible.
2. Implement strong access controls and limit administrative privileges to only necessary personnel.
3. Monitor system logs for any suspicious CLI command executions.
4. Implement network segmentation to isolate affected devices if immediate patching is not possible.
5. Regularly audit and review administrative account usage and access.
6. Consider implementing additional security measures such as intrusion detection/prevention systems to monitor for potential exploitation attempts.
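The summary above classifies the flaw as CWE-78 (an administrator-supplied CLI argument reaching an OS command), and mitigation step 3 asks for monitoring of suspicious CLI command executions. The following added example is not Zyxel's firmware code and does not describe how this CVE is triggered; it is a constructed illustration of the CWE-78 pattern in a hypothetical management-CLI `ping` handler, the hardened allowlist/argv alternative, and a small log-audit check over a constructed log format (the `admin-cli ... cmd="..."` line shape, the hostname policy and all function names are assumptions).

```python
"""CWE-78 illustration: vulnerable string splicing vs. validated argv.

Constructed example, not Zyxel's code. The 'ping' handler, the hostname
policy and the admin-cli log line format are hypothetical stand-ins.
"""
import re
import shlex

# Allowlist for a hostname or IPv4 literal: letters, digits, dots, hyphens.
# Shell metacharacters can never match, so they are rejected up front.
_HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Characters that change the meaning of a command line when a shell parses it.
_SHELL_META = re.compile(r"[;&|`$><\n]")


def build_ping_unsafe(host: str) -> str:
    """Vulnerable pattern: the operator's argument is spliced into a shell string.

    Everything typed after the command becomes part of the line a shell would
    parse, so metacharacters in the argument are interpreted, not passed through.
    """
    return "ping -c 1 " + host


def shell_tokens(command: str) -> list:
    """Show how a POSIX-style shell would tokenize the spliced string.

    shlex with punctuation_chars=True splits ';', '|', '&' and friends into
    their own tokens, which is exactly where a second command would begin.
    """
    return list(shlex.shlex(command, punctuation_chars=True))


def build_ping_safe(host: str) -> list:
    """Hardened pattern: validate against an allowlist, then return argv.

    Passing an argument vector to subprocess.run without shell=True means no
    shell ever parses the value; the allowlist keeps it within what 'ping'
    semantically expects. Bad input raises ValueError instead of running.
    """
    if not _HOST_RE.match(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


def flag_suspicious_cli(log_line: str) -> bool:
    """Mitigation step 3: flag admin-CLI log entries whose command text
    contains shell metacharacters. Assumes a constructed line format of
    '<timestamp> admin-cli user=<name> cmd="<command>"'."""
    match = re.search(r'cmd="([^"]*)"', log_line)
    return bool(match and _SHELL_META.search(match.group(1)))


def audit(lines: list) -> list:
    """Return only the log lines that deserve a closer look."""
    return [line for line in lines if flag_suspicious_cli(line)]


# Constructed sample log lines (not real device output).
SAMPLE_LOG = [
    '2024-09-03T02:15:00Z admin-cli user=admin cmd="ping -c 1 10.0.0.1"',
    '2024-09-03T02:16:00Z admin-cli user=admin cmd="ping -c 1 10.0.0.1;id"',
    '2024-09-03T02:17:00Z admin-cli user=admin cmd="show version"',
]

if __name__ == "__main__":
    spliced = build_ping_unsafe("10.0.0.1;id")
    print("unsafe string :", spliced)
    print("shell sees    :", shell_tokens(spliced))
    print("safe argv     :", build_ping_safe("10.0.0.1"))
    try:
        build_ping_safe("10.0.0.1;id")
    except ValueError as err:
        print("rejected      :", err)
    for line in audit(SAMPLE_LOG):
        print("flagged       :", line)
```

The unsafe builder is kept as a pure string function so the example can show the shell's view of the spliced line without executing anything; in real code the hardened builder's argv list is what goes to `subprocess.run(...)`, never a concatenated string under `shell=True`.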

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-7203

Sep 3, 2024 at 2:15 AM

Threat Intelligence Report

CVE-2024-7203 is a critical post-authentication command injection vulnerability in Zyxel firewalls that could allow an authenticated attacker to execute OS commands. This vulnerability has been acknowledged by security researchers and patches have been released by Zyxel to address it. It is important for organizations using affected firewall versions to apply the patches promptly to prevent potential exploitation by malicious actors.

Sep 3, 2024 at 2:16 AM

First Article

Feedly found the first article mentioning CVE-2024-7203.

Sep 3, 2024 at 2:16 AM / Zyxel

CVSS Estimate

Feedly estimated the CVSS score as HIGH

Sep 3, 2024 at 2:17 AM

CVSS

A CVSS base score of 7.2 has been assigned.

Sep 3, 2024 at 2:20 AM / nvd

EPSS

EPSS Score was set to: 0.05% (Percentile: 21.1%)

Sep 3, 2024 at 9:38 AM

Affected Systems

Zyxel/zld_firmware

Patches

www.zyxel.com

Attack Patterns

CAPEC-108: Command Line Execution through SQL Injection

References

Zyxel security advisory for multiple vulnerabilities in firewalls
CVE-2024-42060: A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device.
CVE-2024-42059: A post-authentication command injection vulnerability in some firewall versions could allow an authenticated attacker with administrator privileges to execute some OS commands on an affected device by uploading a crafted compressed language file via FTP.

News

Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
CVE-2024-6343 (CVSS score: 4.9): A buffer overflow vulnerability that could allow an authenticated attacker with administrator privileges to trigger DoS conditions by means of a specially crafted HTTP request.
CVE-2024-5412 (CVSS score: 7.5): A buffer overflow vulnerability in the "libclinkc" library that could allow an unauthenticated attacker to cause DoS conditions by means of a specially crafted HTTP request.
Zyxel firewalls with highly dangerous security vulnerabilities
A post-authentication command prompt vulnerability in some firewall versions could allow an authenticated attacker with administrative privileges to execute certain operating system commands on an affected device by uploading a crafted internal user agreement file to the vulnerable device. A vulnerability in some firewall versions that allows command entry after authentication could allow an authenticated attacker with administrative privileges to execute certain operating system commands on an affected device by uploading a crafted compressed language file via FTP.
Zyxel Patched Numerous Security Flaws Across Different Products - Latest Hacking News
Zyxel began the month by releasing numerous security fixes for flaws in its firewalls and router devices. The most critical security vulnerability affected its routers, exploiting which could allow OS command injection.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
