CVE-2023-5797

EPSS 0.05%
Published 28.11.2023 03:15:07
Last modified 21.11.2024 08:42:30
Source security@zyxel.com.tw
Teams watchlist Login
Open Login

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zyxel ≫ Zld Version >= 4.32 <= 5.37

   Zyxel ≫ Atp100 Version-
   Zyxel ≫ Atp100w Version-
   Zyxel ≫ Atp200 Version-
   Zyxel ≫ Atp500 Version-
   Zyxel ≫ Atp700 Version-
   Zyxel ≫ Atp800 Version-

Zyxel ≫ Zld Version >= 4.50 <= 5.37

   Zyxel ≫ Usg Flex 100 Version-
   Zyxel ≫ Usg Flex 100w Version-
   Zyxel ≫ Usg Flex 200 Version-
   Zyxel ≫ Usg Flex 50 Version-
   Zyxel ≫ Usg Flex 500 Version-
   Zyxel ≫ Usg Flex 50w Version-
   Zyxel ≫ Usg Flex 700 Version-

Zyxel ≫ Zld Version >= 4.16 <= 5.37

Zyxel ≫ Usg 20w-vpn Version-
Zyxel ≫ Vpn50w Version-

Zyxel ≫ Zld Version >= 4.30 <= 5.37

   Zyxel ≫ Vpn100 Version-
   Zyxel ≫ Vpn1000 Version-
   Zyxel ≫ Vpn300 Version-
   Zyxel ≫ Vpn50 Version-

Zyxel ≫ Nwa110ax Firmware Version < 6.70\(abtg.0\)

Zyxel ≫ Nwa110ax Version-

Zyxel ≫ Nwa1123acv3 Firmware Version < 6.70\(abvt.0\)

Zyxel ≫ Nwa1123acv3 Version-

Zyxel ≫ Nwa210ax Firmware Version < 6.70\(abtd.0\)

Zyxel ≫ Nwa210ax Version-

Zyxel ≫ Nwa220ax-6e Firmware Version < 6.70\(acco.0\)

Zyxel ≫ Nwa220ax-6e Version-

Zyxel ≫ Nwa50ax Firmware Version < 6.80\(abyw.0\)

Zyxel ≫ Nwa50ax Version-

Zyxel ≫ Nwa50ax-pro Firmware Version < 6.80\(acge.0\)

Zyxel ≫ Nwa50ax-pro Version-

Zyxel ≫ Nwa55axe Firmware Version < 6.80\(abzl.0\)

Zyxel ≫ Nwa55axe Version-

Zyxel ≫ Nwa90ax Firmware Version < 6.80\(accv.0\)

Zyxel ≫ Nwa90ax Version-

Zyxel ≫ Nwa90ax-pro Firmware Version < 6.80\(acgf.0\)

Zyxel ≫ Nwa90ax-pro Version-

Zyxel ≫ Wac500 Firmware Version < 6.70\(abvs.0\)

Zyxel ≫ Wac500 Version-

Zyxel ≫ Wac500h Firmware Version < 6.70\(abwa.0\)

Zyxel ≫ Wac500h Version-

Zyxel ≫ Wax510d Firmware Version < 6.70\(abtf.0\)

Zyxel ≫ Wax510d Version-

Zyxel ≫ Wax610d Firmware Version < 6.70\(abte.0\)

Zyxel ≫ Wax610d Version-

Zyxel ≫ Wax620d-6e Firmware Version < 6.70\(accn.0\)

Zyxel ≫ Wax620d-6e Version-

Zyxel ≫ Wax630s Firmware Version < 6.70\(abzd.0\)

Zyxel ≫ Wax630s Version-

Zyxel ≫ Wax640s-6e Firmware Version < 6.70\(accm.0\)

Zyxel ≫ Wax640s-6e Version-

Zyxel ≫ Wax650s Firmware Version < 6.70\(abrm.0\)

Zyxel ≫ Wax650s Version-

Zyxel ≫ Wax655e Firmware Version < 6.70\(acdo.0\)

Zyxel ≫ Wax655e Version-

Zyxel ≫ Wbe660s Firmware Version < 6.70\(acgg.0\)

Zyxel ≫ Wbe660s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.05%	0.16

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security@zyxel.com.tw	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5797

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5797

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5797

EUVD