September 22, 2023

There is an active warning for Zyxel networking device users to update their firewalls and VPNs after reports that hackers are actively exploiting a vulnerability in the wild to enable remote code execution.

Zyxel, recently fixed CVE-2023-28771 in April 2023, revealing that the flaw affects its ATP, USG Flex, VPN and ZyWall/USG products, from versions ZLD V4.60 to V5.35. In the case of the ZyWall/USG product it impacts versions ZLD V4.60 to V4.73.

Researchers from Rapid7 says  the bug is present in the default configuration of vulnerable devices and is exploitable in the WAN interface, which is designed to be exposed to the internet.

Advertisements

Successful exploitation of CVE-2023-28771 allows an unauthenticated attacker to execute code remotely on the target system by sending a specially crafted IKEv2 packet to UDP port 500 on the device.

The CVE is being widely exploited to compromise devices and conscript them into a Mirai-based botnet, most likely for DDoS attacks.

The US CISA added the CVE to its Known Exploited Vulnerabilities Catalog and give timeline to fix as June 21, 2023, for federal agencies.

Tags:

Leave a Reply

You may have missed

T-Mobile and Data Breach tightly coupled

September 21, 2023

Cisco Acquires Splunk in a blockbuster deal

September 21, 2023

Atlassian BitBucket and Confluence Vulnerabilities

September 21, 2023

Snatch ransomware Dissection

September 21, 2023

Fortinet Fixes Vulnerabilities in FortiOS

September 20, 2023

Trend Micro Endpoint Vulnerability – CVE-2023-41179

September 20, 2023
%d bloggers like this: