vulnerability

CVE-2023-28771: OS command injection vulnerability

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	2023-04-25	2023-05-19	2023-06-02

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

2023-04-25

Added

2023-05-19

Modified

2023-06-02

Description

Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.

Solution

zyxel-firewall-upgrade-latest

References

CVE-2023-28771
https://attackerkb.com/topics/CVE-2023-28771
URL-https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today