A critical security flaw is affecting Zyxel firewall devices - here's what you need to know
The vulnerability allows for remote code execution
A critical vulnerability discovered in a number of Zyxel networking appliances is being abused in the wild, cybersecurity researchers are saying, urging users to apply a fix now.
A flaw tracked as CVE-2023-28771 was recently discovered affecting different devices belonging to multiple lineups: ATP, USG FLEX - ZLD, VPN - ZLD, and ZyWALL/USG - ZLD. The flaw was described as a critical severity command injection flaw that allows threat actors to install malware on the affected endpoints.
The devices need to be in default configuration mode for the attackers to be able to perform unauthenticated remote code execution via a specially designed IKEv2 packet.
Numerous devices affected
Zyxel released a patch for the flaw in late April this year, and the Cybersecurity and Infrastructure Security Agency (CISA) has now pushed a warning, urging federal agencies to patch their endpoints by June 21, as the flaw is being actively leveraged. BleepingComputer also reported that cybersecurity researchers from Rapid7 also confirmed threat actors abusing the flaw.
One of the groups actively engaged in targeting vulnerable Zyxel devices is Mirai, that’s been expanding its botnet since May 26.
Mirai is usually used for distributed denial of service (DDoS) attacks, but the infected devices can be used for different kinds of cyberattacks.
The news comes less than a week since Zyxel reported discovering two critical vulnerabilities in some of its networking gear. Both of these vulnerabilities are buffer overflows, allowing for denial-of-service (DoS) attacks, as well as remote code execution (RCE), and both were found in some of Zyxel’s firewall and VPN products, and carry a severity score of 9.8 (critical). They are being tracked as CVE-2023-33009, and CVE-2023-33010.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
“Zyxel has released patches for firewalls affected by multiple buffer overflow vulnerabilities,” the company’s security advisory reads. “Users are advised to install them for optimal protection.”.
- Check out our list of the best ransomware protection around
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.