ID

VAR-202304-1913


CVE

CVE-2023-22916


TITLE

Vulnerabilities in multiple ZyXEL products

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324

DESCRIPTION

The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35 fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device, if the attacker could trick an authorized administrator into switching the management mode to the cloud mode. Multiple ZyXEL products, including USG FLEX 100 firmware, USG FLEX 100W firmware, and USG FLEX 200 firmware, contain an unspecified vulnerability. Information may be tampered with and service operation may be interrupted (DoS).

Trust: 1.71

sources: NVD: CVE-2023-22916 // JVNDB: JVNDB-2023-009324 // VULMON: CVE-2023-22916

AFFECTED PRODUCTS

vendor: zyxel | model: usg flex 100w | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: atp500 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg flex 50w | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: vpn100 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 50 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: atp200 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: atp700 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: vpn1000 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 100 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: usg flex 50 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: atp200 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: atp100 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: vpn100 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: usg flex 100 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: atp100 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: atp500 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: atp800 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg flex 700 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg 20w-vpn | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 500 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: vpn1000 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: vpn50 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: usg 20w-vpn | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: atp100w | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg flex 500 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: vpn50 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 700 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: vpn300 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: vpn300 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 200 | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: atp100w | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 50w | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: usg flex 200 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 100w | scope: gte | version: 5.00

Trust: 1.0

vendor: zyxel | model: atp700 | scope: gte | version: 5.10

Trust: 1.0

vendor: zyxel | model: atp800 | scope: lte | version: 5.35

Trust: 1.0

vendor: zyxel | model: usg flex 200 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: atp100w | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: atp100 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: atp200 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg 20-vpn | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg flex 100w | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg flex 500 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: vpn50 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg flex 50w | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: atp500 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg flex 50 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: vpn100 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg flex 100 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: vpn300 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: usg flex 700 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: atp800 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: atp700 | scope: - | version: -

Trust: 0.8

vendor: zyxel | model: vpn1000 | scope: - | version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-22916
value: HIGH

Trust: 1.8

security@zyxel.com.tw: CVE-2023-22916
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202304-1908
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.2
version: 3.1

Trust: 2.0

NVD: CVE-2023-22916
baseSeverity: HIGH
baseScore: 8.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916 // NVD: CVE-2023-22916 // CNNVD: CNNVD-202304-1908

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype: Lack of information (CWE-noinfo) [NVD evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-1908

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202304-1908

CONFIGURATIONS

sources: NVD: CVE-2023-22916

PATCH

title: Zyxel ATP Security vulnerabilities | url: http://123.124.177.30/web/xxk/bdxqbyid.tag?id=236008

Trust: 0.6

sources: CNNVD: CNNVD-202304-1908

EXTERNAL IDS

db: NVD | id: CVE-2023-22916

Trust: 3.3

db: JVNDB | id: JVNDB-2023-009324

Trust: 0.8

db: CNNVD | id: CNNVD-202304-1908

Trust: 0.6

db: VULMON | id: CVE-2023-22916

Trust: 0.1

sources: VULMON: CVE-2023-22916 // JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916 // CNNVD: CNNVD-202304-1908

REFERENCES

url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-22916

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-22916/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-22916 // JVNDB: JVNDB-2023-009324 // NVD: CVE-2023-22916 // CNNVD: CNNVD-202304-1908

SOURCES

db: VULMON | id: CVE-2023-22916
db: JVNDB | id: JVNDB-2023-009324
db: NVD | id: CVE-2023-22916
db: CNNVD | id: CNNVD-202304-1908

LAST UPDATE DATE

2023-12-18T12:14:48.086000+00:00


SOURCES UPDATE DATE

db: VULMON | id: CVE-2023-22916 | date: 2023-04-24T00:00:00
db: JVNDB | id: JVNDB-2023-009324 | date: 2023-12-05T05:26:00
db: NVD | id: CVE-2023-22916 | date: 2023-05-04T19:35:46.887
db: CNNVD | id: CNNVD-202304-1908 | date: 2023-05-06T00:00:00

SOURCES RELEASE DATE

db: VULMON | id: CVE-2023-22916 | date: 2023-04-24T00:00:00
db: JVNDB | id: JVNDB-2023-009324 | date: 2023-12-05T00:00:00
db: NVD | id: CVE-2023-22916 | date: 2023-04-24T17:15:09.767
db: CNNVD | id: CNNVD-202304-1908 | date: 2023-04-24T00:00:00