Buffer Overflow Vulnerability in Zyxel Firewalls and VPN Products
CVE-2023-33010
Key Information:
- Vendor
Zyxel
- Vendor
- CVE Published:
- 24 May 2023
Badges
What is CVE-2023-33010?
A vulnerability exists in the ID processing function of multiple Zyxel firewall and VPN firmware versions, which allows unauthenticated attackers to exploit the buffer overflow. Successful exploitation may lead to denial-of-service conditions, compromising system availability, and could also enable remote code execution. This risk emphasizes the importance of promptly updating affected firmware to protect against potential attacks.
CISA has reported CVE-2023-33010
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2023-33010 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace
The CISA's recommendation is: Apply updates per vendor instructions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
ATP series firmware 4.32 through 5.36 Patch 1
USG FLEX 50(W) firmware 4.25 through 5.36 Patch 1
USG FLEX series firmware 4.50 through 5.36 Patch 1
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- ๐พ
Exploit known to exist
- ๐ฆ
CISA Reported
Vulnerability published
Vulnerability Reserved