Details of VAR-202305-2121

ID

VAR-202305-2121

CVE

CVE-2023-33009

TITLE

Zyxel ATP Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202305-2094

DESCRIPTION

A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device

Trust: 0.99

sources: NVD: CVE-2023-33009 // VULMON: CVE-2023-33009

AFFECTED PRODUCTS

vendor:	zyxel	model:	atp800	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 20w-vpn	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 50w	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 50	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	usg flex 100w	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg flex 50w	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg flex 50w	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	gte	version:	4.30	Trust: 1.0

sources: NVD: CVE-2023-33009

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-33009
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202305-2094
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2023-33009
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-33009 // CNNVD: CNNVD-202305-2094

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.0

sources: NVD: CVE-2023-33009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-2094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-2094

CONFIGURATIONS

sources: NVD: CVE-2023-33009

PATCH

title:

Zyxel ATP Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240582

Trust: 0.6

sources: CNNVD: CNNVD-202305-2094

EXTERNAL IDS

db:	NVD	id:	CVE-2023-33009	Trust: 1.7
db:	CNNVD	id:	CNNVD-202305-2094	Trust: 0.6
db:	VULMON	id:	CVE-2023-33009	Trust: 0.1

sources: VULMON: CVE-2023-33009 // NVD: CVE-2023-33009 // CNNVD: CNNVD-202305-2094

REFERENCES

url:	https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-33009/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-33009 // NVD: CVE-2023-33009 // CNNVD: CNNVD-202305-2094

SOURCES

db:	VULMON	id:	CVE-2023-33009
db:	NVD	id:	CVE-2023-33009
db:	CNNVD	id:	CNNVD-202305-2094

LAST UPDATE DATE

2023-06-16T22:42:32.194000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-33009	date:	2023-05-24T00:00:00
db:	NVD	id:	CVE-2023-33009	date:	2023-06-15T07:15:00
db:	CNNVD	id:	CNNVD-202305-2094	date:	2023-06-16T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-33009	date:	2023-05-24T00:00:00
db:	NVD	id:	CVE-2023-33009	date:	2023-05-24T13:15:00
db:	CNNVD	id:	CNNVD-202305-2094	date:	2023-05-24T00:00:00