A high severity vulnerability could allow an attacker to upload and download files

Threat ID:CC-4583

Threat Severity:Medium

Published:2 December 2024 4:14 PM

Summary

Affected platforms

The following platforms are known to be affected:

Zyxel ATP

Firmware versions 5.00 to 5.38

Zyxel Unified Security Gateway (USG) FLEX

USG Flex Series Firmware
- 5.00 to 5.38

USG Flex 50(W) Series Firmware
- 5.10 to 5.38

Zyxel USG20-VPN/USG20W-VPN

Firmware versions 5.00 to 5.38

Threat details

Exploitation of CVE-2024-11667

Zyxel states that CVE-2024-11667 is under exploitation.

SSLVPN and firewall appliances are internet-facing by design and frequent targets for cyber threat groups. Vulnerabilities in SSLVPN and firewall appliances are often exploited soon after official disclosure and broader exploitation is expected.

Introduction

Zyxel has released a security advisory addressing recent targeting of its firewall products. Attackers have been observed exploiting vulnerabilities patched in September (see Cyber Alert CC-4541) and a previously undisclosed high severity vulnerability.

CVE-2024-11667 is a path traversal vulnerability and has a CVSSv3 score of 7.5. If exploited, an attacker could download or upload files via a specially crafted URL. The vulnerability is in the ZLD firewall firmware, which is present on several product lines.

The vulnerability was patched in the latest ZLD firewall firmware version 5.39. An device that has been updated to the latest version since September 2024 should not be vulnerable.

Remediation advice

Affected organisations are encouraged to review Zyxel's security advisories and apply the relevant updates. If an update cannot be applied, affected organisations are encouraged to disable remote access where possible and review Zyxel's guidance on 'Best Practices to Secure a Distributed Network Infrastructure'.

Definitive source of threat updates

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024

CVE Vulnerabilities

StatusPublished

CVE-2024-11667A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL.

Last edited: 2 December 2024 4:14 pm