Home>Blog>The Hacker News Headlines>Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices
The Hacker News Headlines

Zyxel Releases Patches for Critical Bug Affecting Business Firewall and VPN Devices

Zyxel

Networking equipment maker Zyxel has pushed security updates for
a critical vulnerability affecting some of its business firewall
and VPN products that could enable an attacker to take control of
the devices.

“An authentication bypass vulnerability caused by the lack of a
proper access control mechanism has been found in the CGI program
of some firewall versions,” the company said[1]
in an advisory published this week. “The flaw could allow an
attacker to bypass the authentication and obtain administrative
access to the device.”

The flaw has been assigned the identifier CVE-2022-0342[2]
and is rated 9.8 out of 10 for severity. Credited with reporting
the bug are Alessandro Sgreccia from Tecnical Service Srl and
Roberto Garcia H and Victor Garcia R from Innotec Security.

CyberSecurity

The following Zyxel products are impacted –

  • USG/ZyWALL running firmware versions ZLD V4.20 through ZLD
    V4.70 (fixed in ZLD V4.71)
  • USG FLEX running firmware versions ZLD V4.50 through ZLD V5.20
    (fixed in ZLD V5.21 Patch 1)
  • ATP running firmware versions ZLD V4.32 through ZLD V5.20
    (fixed in ZLD V5.21 Patch 1)
  • VPN running firmware versions ZLD V4.30 through ZLD V5.20
    (fixed in ZLD V5.21)
  • NSG running firmware versions V1.20 through V1.33 Patch 4
    (Hotfix V1.33p4_WK11 available now, with standard patch V1.33 Patch
    5 expected in May 2022)

While there is no evidence that the vulnerability has been
exploited in the wild, it’s recommended that users install the
firmware updates to prevent any potential threats.

CISA warns about actively exploited Sophos and Trend Micro
flaws

The disclosure comes as both Sophos and SonicWall released
patches this week to their firewall appliances to resolve critical
flaws (CVE-2022-1040[3]
and CVE-2022-22274[4]) that could allow a
remote attacker to execute arbitrary code on affected systems.

CyberSecurity

The critical Sophos firewall vulnerability, which has been
observed exploited in active attacks against select organizations
in South Asia, has since been added by the U.S. Cybersecurity and
Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities
Catalog[5].

Also added to the list is a high-severity arbitrary file upload
vulnerability in Trend Micro’s Apex Central product that could
allow an unauthenticated remote attacker to upload an arbitrary
file, resulting in code execution (CVE-2022-26871[6], CVSS score: 8.6).

“Trend Micro has observed an active attempt of exploitation
against this vulnerability in-the-wild (ITW) in a very limited
number of instances, and we have been in contact with these
customers already,” the company said[7]. “All customers are
strongly encouraged to update to the latest version as soon as
possible.”

References

  1. ^
    said
    (www.zyxel.com)
  2. ^
    CVE-2022-0342
    (nvd.nist.gov)
  3. ^
    CVE-2022-1040
    (thehackernews.com)
  4. ^
    CVE-2022-22274
    (thehackernews.com)
  5. ^
    Known
    Exploited Vulnerabilities Catalog
    (www.cisa.gov)
  6. ^
    CVE-2022-26871
    (nvd.nist.gov)
  7. ^
    said
    (success.trendmicro.com)

Read more

Leave a Reply

Powered By Anakyst UK Work done easy Discover Great Places People Websites in Nigeria. Be Discovered and Discover Great Places People Products & Websites in Nigeria. Tell us what you need to advertise online onradio ontv and where you want to advertise and discover talented publishers and advertisers within minutes for just a fraction of the cost!JobScout | Developed By Rara Theme. Powered by WordPress.