Inscrivez-vous maintenant pour un meilleur devis personnalisé!

Zyxel urges customers to patch critical firewall bypass vulnerability

Avr., 01, 2022 Hi-network.com

Zyxel is urging customers to immediately patch a critical vulnerability in the vendor's firewall software.  

Security

Cyber security 101: Protect your privacy from hackers, spies, and the government

Simple steps can make the difference between losing your online accounts or maintaining what is now a precious commodity: Your privacy.

Read now

In a security advisory published this week, the Taiwanese networking giant said the security flaw can lead to the circumvention of firewall protection in Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines. 

Tracked as CVE-2022-0342 and issued a critical severity score of 9.8, the vulnerability is described as an "authentication bypass" caused by a proper access control mechanism failure.

The bug is present in a number of CGI programs embedded in firewall software. 

"The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device," Zyxel says. 

The following firmware is impacted: 

  • USG/ZyWALL:versions 4.20 through 4.70
  • USG FLEX:versions 4.50 through 5.20
  • ATP:versions 4.32 through 5.20
  • VPN:versions 4.30 through 5.20
  • NSG:versions 1.20 through 1.33 (Patch 4)

Zyxel has released patches for impacted software, and users should upgrade their builds to protected versions as soon as possible. The vendor notes that after investigating the vulnerability, patches have been made available for products in their support period. Legacy product users should be aware that they may be vulnerable. 

Alessandro Sgreccia from Tecnical Service SrL, alongside Innotec Security's Roberto Garcia and Victor Garcia, have been credited for reporting the bug. 

See also

  • Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways
  • Log4j: Mirai botnet found targeting ZyXEL networking devices
  • SockDetour backdoor used in attacks on defense contractors, says Unit 42

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Security

8 habits of highly secure remote workersHow to find and remove spyware from your phoneThe best VPN services: How do the top 5 compare?How to find out if you are involved in a data breach -- and what to do next
  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

tag-icon Tags chauds: technologie La sécurité

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.