Details of VAR-202305-2285

ID

VAR-202305-2285

CVE

CVE-2023-33010

TITLE

Zyxel ATP Security hole

Trust: 0.6

sources: CNNVD: CNNVD-202305-2093

DESCRIPTION

A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device

Trust: 0.99

sources: NVD: CVE-2023-33010 // VULMON: CVE-2023-33010

AFFECTED PRODUCTS

vendor:	zyxel	model:	usg flex 50	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 100w	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	vpn1000	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn50	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	vpn300	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 20w-vpn	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	gte	version:	4.32	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 500	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp500	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp100w	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 50w	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 50w	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	atp700	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 100	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 50w	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	atp800	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 40	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	usg20-vpn	scope:	gte	version:	4.30	Trust: 1.0
vendor:	zyxel	model:	usg 60w	scope:	gte	version:	4.25	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	atp200	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg 40w	scope:	lt	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	atp100	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	eq	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 200	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	gte	version:	4.50	Trust: 1.0
vendor:	zyxel	model:	usg 60	scope:	eq	version:	4.73	Trust: 1.0
vendor:	zyxel	model:	vpn100	scope:	lt	version:	5.36	Trust: 1.0
vendor:	zyxel	model:	usg flex 700	scope:	eq	version:	5.36	Trust: 1.0

sources: NVD: CVE-2023-33010

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2023-33010
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202305-2093
value:	CRITICAL
Trust: 0.6

NVD:	CVE-2023-33010
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: NVD: CVE-2023-33010 // CNNVD: CNNVD-202305-2093

PROBLEMTYPE DATA

problemtype:

CWE-120

Trust: 1.0

sources: NVD: CVE-2023-33010

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202305-2093

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202305-2093

CONFIGURATIONS

sources: NVD: CVE-2023-33010

PATCH

title:

Zyxel ATP Security vulnerabilities

url:

http://123.124.177.30/web/xxk/bdxqbyid.tag?id=240581

Trust: 0.6

sources: CNNVD: CNNVD-202305-2093

EXTERNAL IDS

db:	NVD	id:	CVE-2023-33010	Trust: 1.7
db:	CNNVD	id:	CNNVD-202305-2093	Trust: 0.6
db:	VULMON	id:	CVE-2023-33010	Trust: 0.1

sources: VULMON: CVE-2023-33010 // NVD: CVE-2023-33010 // CNNVD: CNNVD-202305-2093

REFERENCES

url:	https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls	Trust: 1.7
url:	https://cxsecurity.com/cveshow/cve-2023-33010/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2023-33010 // NVD: CVE-2023-33010 // CNNVD: CNNVD-202305-2093

SOURCES

db:	VULMON	id:	CVE-2023-33010
db:	NVD	id:	CVE-2023-33010
db:	CNNVD	id:	CNNVD-202305-2093

LAST UPDATE DATE

2023-06-08T22:51:45.947000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2023-33010	date:	2023-05-24T00:00:00
db:	NVD	id:	CVE-2023-33010	date:	2023-06-07T18:20:00
db:	CNNVD	id:	CNNVD-202305-2093	date:	2023-06-07T00:00:00

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2023-33010	date:	2023-05-24T00:00:00
db:	NVD	id:	CVE-2023-33010	date:	2023-05-24T13:15:00
db:	CNNVD	id:	CNNVD-202305-2093	date:	2023-05-24T00:00:00