CVE-2023-5960

EPSS 0.07%
Published 28.11.2023 03:15:07
Last modified 21.11.2024 08:42:52
Source security@zyxel.com.tw
Teams watchlist Login
Open Login

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

Affected products Warnungen 0 Metrics 2 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zyxel ≫ Zld Version >= 4.50 <= 5.37

   Zyxel ≫ Usg Flex 100 Version-
   Zyxel ≫ Usg Flex 100w Version-
   Zyxel ≫ Usg Flex 200 Version-
   Zyxel ≫ Usg Flex 50 Version-
   Zyxel ≫ Usg Flex 500 Version-
   Zyxel ≫ Usg Flex 50w Version-
   Zyxel ≫ Usg Flex 700 Version-

Zyxel ≫ Zld Version >= 4.30 <= 5.37

   Zyxel ≫ Vpn100 Version-
   Zyxel ≫ Vpn1000 Version-
   Zyxel ≫ Vpn300 Version-
   Zyxel ≫ Vpn50 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.07%	0.228

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
security@zyxel.com.tw	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-5960

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-5960

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-5960

EUVD