CVE-2023-5960

Severity
5.5 MEDIUM
EPSS
0.1%
top 78.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Nov 28

Description

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

CVEListV5 | zyxel/usg_flex_series_firmware | versions 4.50 through 5.37
CVEListV5 | zyxel/vpn_series_firmware | versions 4.30 through 5.37
NVD | zyxel/zld | 4.50 5.37 +1

Vulnerability Details (3)

CVEList
CVE-2023-5960: An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4... (2023-11-28)
GHSA
GHSA-jqv4-rmqv-7747: An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4... (2023-11-28)
OSV
python2.7, python3.10, python3.11, python3.5, python3.6, python3.8 vulnerability (2023-06-05)