ID

VAR-202304-2162


CVE

CVE-2023-27991


TITLE

plural  ZyXEL  In the product  OS  Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2023-009235

DESCRIPTION

The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. ATP200 firmware, ATP100 firmware, ATP700 firmware etc. ZyXEL The product has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2023-27991 // JVNDB: JVNDB-2023-009235 // VULMON: CVE-2023-27991

AFFECTED PRODUCTS

vendor:zyxelmodel:atp500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:atp100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn300scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:vpn300scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 500scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:gteversion:4.16

Trust: 1.0

vendor:zyxelmodel:atp100wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp700scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:vpn100scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp500scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:vpn50scope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:atp200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:vpn1000scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp100wscope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg 20w-vpnscope:gteversion:4.16

Trust: 1.0

vendor:zyxelmodel:usg flex 50scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:vpn50scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp800scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 50wscope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:atp200scope:gteversion:4.32

Trust: 1.0

vendor:zyxelmodel:usg20-vpnscope:gteversion:4.30

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:ltversion:5.36

Trust: 1.0

vendor:zyxelmodel:usg flex 700scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 200scope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:usg flex 100wscope:gteversion:4.50

Trust: 1.0

vendor:zyxelmodel:atp100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg 20-vpnscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn1000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 500scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg20-vpnscope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp800scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn100scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn300scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vpn50scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp700scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp100wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:atp200scope: - version: -

Trust: 0.8

vendor:zyxelmodel:usg flex 50scope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-009235 // NVD: CVE-2023-27991

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2023-27991
value: HIGH

Trust: 1.8

security@zyxel.com.tw: CVE-2023-27991
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202304-1940
value: HIGH

Trust: 0.6

NVD:
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2023-27991
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-009235 // NVD: CVE-2023-27991 // NVD: CVE-2023-27991 // CNNVD: CNNVD-202304-1940

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.0

problemtype:OS Command injection (CWE-78) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-009235 // NVD: CVE-2023-27991

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202304-1940

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202304-1940

CONFIGURATIONS

sources: NVD: CVE-2023-27991

PATCH

title:Zyxel ATP Fixes for operating system command injection vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=235563

Trust: 0.6

sources: CNNVD: CNNVD-202304-1940

EXTERNAL IDS

db:NVDid:CVE-2023-27991

Trust: 3.3

db:JVNDBid:JVNDB-2023-009235

Trust: 0.8

db:CNNVDid:CNNVD-202304-1940

Trust: 0.6

db:VULMONid:CVE-2023-27991

Trust: 0.1

sources: VULMON: CVE-2023-27991 // JVNDB: JVNDB-2023-009235 // NVD: CVE-2023-27991 // CNNVD: CNNVD-202304-1940

REFERENCES

url:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2023-27991

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2023-27991/

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2023-27991 // JVNDB: JVNDB-2023-009235 // NVD: CVE-2023-27991 // CNNVD: CNNVD-202304-1940

SOURCES

db:VULMONid:CVE-2023-27991
db:JVNDBid:JVNDB-2023-009235
db:NVDid:CVE-2023-27991
db:CNNVDid:CNNVD-202304-1940

LAST UPDATE DATE

2023-12-18T13:41:28.498000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2023-27991date:2023-04-25T00:00:00
db:JVNDBid:JVNDB-2023-009235date:2023-12-05T03:46:00
db:NVDid:CVE-2023-27991date:2023-06-13T13:18:19.840
db:CNNVDid:CNNVD-202304-1940date:2023-05-04T00:00:00

SOURCES RELEASE DATE

db:VULMONid:CVE-2023-27991date:2023-04-24T00:00:00
db:JVNDBid:JVNDB-2023-009235date:2023-12-05T00:00:00
db:NVDid:CVE-2023-27991date:2023-04-24T18:15:09.497
db:CNNVDid:CNNVD-202304-1940date:2023-04-24T00:00:00