CVE-2023-35140

CWE-269 — Improper Privilege Management3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel Gs1900-10hp Firmware Zyxel Gs1900-16 Firmware Zyxel Gs1900-24 Firmware +7 more

Timeline

PublishedNov 7

Latest updateNov 14

Description

The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2.70(ABTO.5) could allow an authenticated local user with read-only access to modify system settings on a vulnerable device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages11 packages

▶NVDzyxel/gs1900-24ep_firmware2.70\(abto.5\)

▶CVEListV5zyxel/gs1900-24ep_firmwareV2.70(ABTO.5)

▶NVDzyxel/gs1900-8_firmware2.70\(aahh.5\)

▶NVDzyxel/gs1900-16_firmware2.70\(aahj.5\)

▶NVDzyxel/gs1900-24_firmware2.70\(aahl.5\)

🔴Vulnerability Details

GHSA

GHSA-wcc8-wmx2-r8gp: The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2↗2023-11-14

▶

CVEList

CVE-2023-35140: The improper privilege management vulnerability in the Zyxel GS1900-24EP switch firmware version V2↗2023-11-07

▶