vulnerability

CVE-2023-28771: OS command injection vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Apr 25, 2023	May 19, 2023	Jun 2, 2023

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Apr 25, 2023

Added

May 19, 2023

Modified

Jun 2, 2023

Description

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Solution

zyxel-firewall-upgrade-latest

References

CVE-2023-28771
https://attackerkb.com/topics/CVE-2023-28771
URL-https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today