CVE-2023-4397

CWE-120 — Classic Buffer Overflow3 documents3 sources

Severity

4.4MEDIUM

EPSS

0.0%

top 87.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Zyxel ATP Series Firmware Zyxel Usg20(w)-vpn Series Firmware Zyxel USG Flex 50(w) Series Firmware +2 more

Timeline

PublishedNov 28

Description

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing the CLI command with crafted strings on an affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 0.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5zyxel/usg_flex_series_firmware5.37

▶CVEListV5zyxel/usg_flex_50(w)_series_firmware5.37

▶CVEListV5zyxel/usg20(w)-vpn_series_firmware5.37

▶CVEListV5zyxel/atp_series_firmware5.37

▶NVDzyxel/zld5.37

🔴Vulnerability Details

GHSA

GHSA-rx6q-hj2g-x8wp: A buffer overflow vulnerability in the Zyxel ATP series firmware version 5↗2023-11-28

▶

CVEList

CVE-2023-4397: A buffer overflow vulnerability in the Zyxel ATP series firmware version 5↗2023-11-28

▶