CVE-2023-4397

Description

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected products

Zyxel / ATP series firmware5.37 – 5.37
Zyxel / USG20(W)-VPN series firmware5.37 – 5.37
Zyxel / USG FLEX 50(W) series firmware5.37 – 5.37
Zyxel / USG FLEX series firmware5.37 – 5.37

References

VENDOR_ADVISORYhttps://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps