CVE-2023-6399

EPSS 0.31%
Published 20.02.2024 02:15:49
Last modified 21.01.2025 18:36:34
Source security@zyxel.com.tw
Teams watchlist Login
Open Login

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, and USG FLEX H series firmware versions from 1.10 through 1.10 Patch 1 could allow an authenticated IPSec VPN user to cause DoS conditions against the “deviceid” daemon by sending a crafted hostname to an affected device if it has the “Device Insight” feature enabled.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zyxel ≫ Atp100 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Atp100 Version-

Zyxel ≫ Atp100 Firmware Version5.37 Update-

Zyxel ≫ Atp100 Version-

Zyxel ≫ Atp100 Firmware Version5.37 Updatepatch1

Zyxel ≫ Atp100 Version-

Zyxel ≫ Atp100w Firmware Version >= 5.10 < 5.37

Zyxel ≫ Atp100w Version-

Zyxel ≫ Atp100w Firmware Version5.37 Update-

Zyxel ≫ Atp100w Version-

Zyxel ≫ Atp100w Firmware Version5.37 Updatepatch1

Zyxel ≫ Atp100w Version-

Zyxel ≫ Atp200 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Atp200 Version-

Zyxel ≫ Atp200 Firmware Version5.37 Update-

Zyxel ≫ Atp200 Version-

Zyxel ≫ Atp200 Firmware Version5.37 Updatepatch1

Zyxel ≫ Atp200 Version-

Zyxel ≫ Atp500 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Atp500 Version-

Zyxel ≫ Atp500 Firmware Version5.37 Update-

Zyxel ≫ Atp500 Version-

Zyxel ≫ Atp500 Firmware Version5.37 Updatepatch1

Zyxel ≫ Atp500 Version-

Zyxel ≫ Atp700 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Atp700 Version-

Zyxel ≫ Atp700 Firmware Version5.37 Update-

Zyxel ≫ Atp700 Version-

Zyxel ≫ Atp700 Firmware Version5.37 Updatepatch1

Zyxel ≫ Atp700 Version-

Zyxel ≫ Atp800 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Atp800 Version-

Zyxel ≫ Atp800 Firmware Version5.37 Update-

Zyxel ≫ Atp800 Version-

Zyxel ≫ Atp800 Firmware Version5.37 Updatepatch1

Zyxel ≫ Atp800 Version-

Zyxel ≫ Usg Flex 100 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 100 Version-

Zyxel ≫ Usg Flex 100 Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 100 Version-

Zyxel ≫ Usg Flex 100 Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 100 Version-

Zyxel ≫ Usg Flex 100ax Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 100ax Version-

Zyxel ≫ Usg Flex 100ax Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 100ax Version-

Zyxel ≫ Usg Flex 100ax Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 100ax Version-

Zyxel ≫ Usg Flex 100h Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 100h Version-

Zyxel ≫ Usg Flex 100h Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 100h Version-

Zyxel ≫ Usg Flex 100h Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 100h Version-

Zyxel ≫ Usg Flex 100w Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 100w Version-

Zyxel ≫ Usg Flex 100w Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 100w Version-

Zyxel ≫ Usg Flex 100w Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 100w Version-

Zyxel ≫ Usg Flex 200 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 200 Version-

Zyxel ≫ Usg Flex 200 Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 200 Version-

Zyxel ≫ Usg Flex 200 Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 200 Version-

Zyxel ≫ Usg Flex 200h Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 200h Version-

Zyxel ≫ Usg Flex 200h Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 200h Version-

Zyxel ≫ Usg Flex 200h Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 200h Version-

Zyxel ≫ Usg Flex 200hp Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 200hp Version-

Zyxel ≫ Usg Flex 200hp Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 200hp Version-

Zyxel ≫ Usg Flex 200hp Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 200hp Version-

Zyxel ≫ Usg Flex 500 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 500 Version-

Zyxel ≫ Usg Flex 500 Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 500 Version-

Zyxel ≫ Usg Flex 500 Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 500 Version-

Zyxel ≫ Usg Flex 500h Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 500h Version-

Zyxel ≫ Usg Flex 500h Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 500h Version-

Zyxel ≫ Usg Flex 500h Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 500h Version-

Zyxel ≫ Usg Flex 700 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 700 Version-

Zyxel ≫ Usg Flex 700 Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 700 Version-

Zyxel ≫ Usg Flex 700 Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 700 Version-

Zyxel ≫ Usg Flex 700h Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 700h Version-

Zyxel ≫ Usg Flex 700h Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 700h Version-

Zyxel ≫ Usg Flex 700h Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 700h Version-

Zyxel ≫ Usg Flex 50 Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 50 Version-

Zyxel ≫ Usg Flex 50 Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 50 Version-

Zyxel ≫ Usg Flex 50 Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 50 Version-

Zyxel ≫ Usg Flex 50w Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg Flex 50w Version-

Zyxel ≫ Usg Flex 50w Firmware Version5.37 Update-

Zyxel ≫ Usg Flex 50w Version-

Zyxel ≫ Usg Flex 50w Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg Flex 50w Version-

Zyxel ≫ Usg20-vpn Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg20-vpn Version-

Zyxel ≫ Usg20-vpn Firmware Version5.37 Update-

Zyxel ≫ Usg20-vpn Version-

Zyxel ≫ Usg20-vpn Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg20-vpn Version-

Zyxel ≫ Usg20w-vpn Firmware Version >= 5.10 < 5.37

Zyxel ≫ Usg20w-vpn Version-

Zyxel ≫ Usg20w-vpn Firmware Version5.37 Update-

Zyxel ≫ Usg20w-vpn Version-

Zyxel ≫ Usg20w-vpn Firmware Version5.37 Updatepatch1

Zyxel ≫ Usg20w-vpn Version-

Zyxel ≫ Uos Version1.10 Update-

   Zyxel ≫ Usg Flex 100h Version-
   Zyxel ≫ Usg Flex 100hp Version-
   Zyxel ≫ Usg Flex 200h Version-
   Zyxel ≫ Usg Flex 200hp Version-
   Zyxel ≫ Usg Flex 500h Version-
   Zyxel ≫ Usg Flex 700h Version-

Zyxel ≫ Uos Version1.10 Updatepatch1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.31%	0.531

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
security@zyxel.com.tw	5.7	2.1	3.6	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-6399

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-6399

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-6399

EUVD