Hackers exploit critical Zyxel firewall flaw in ongoing attacks

AFFASocial
May 31, 2023, 01:54 PM

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware.
The flaw, which is present in the default configuration of the affected firewall and VPN devices, can be exploited for unauthenticated remote code execution by sending a specially crafted IKEv2 packet to UDP port 500 on the device.
Zyxel released patches for the vulnerability on April 25, 2023, urging users of the following product versions to update:
  • ATP – ZLD V4.60 to V5.35
  • USG FLEX – ZLD V4.60 to V5.35
  • VPN – ZLD V4.60 to V5.35
  • ZyWALL/USG – ZLD V4.60 to V4.73
Today, CISA published an alert warning that CVE-2023-28771 is being actively exploited by attackers, urging federal agencies to apply the available update by June 21, 2023.
The alert coincides with a report from Rapid7 today that independently confirms active exploitation of the flaw.
One of the activity clusters confirmed to exploit CVE-2023-28771 is a Mirai-based botnet that, according to Shadowserver, started launching attacks on May 26, 2023.
Cybersecurity researcher Kevin Beaumont spotted similar activity a day earlier and highlighted the use of a publicly available proof-of-concept (PoC) exploit.
While Mirai activity is typically limited to DDoS (distributed denial of service), other threat groups may carry out lower-volume, less noticeable exploitation to stage more damaging attacks against organizations.
It is also important to note that Zyxel has recently fixed two other critical severity flaws, CVE-2023-33009 and CVE-2023-33010, which impact the same firewall and VPN products.
The two flaws could allow unauthenticated attackers to cause a denial of service on vulnerable devices or execute arbitrary code.
System admins should apply the available security updates as soon as possible to mitigate emerging exploitation risks, as the more recent flaws are bound to get the attention of malicious actors.
At the time of writing, the latest available firmware versions users are recommended to upgrade to are ‘ZLD V5.36 Patch 2’ for ATP, USG FLEX and VPN devices, and ‘ZLD V4.73 Patch 2’ for ZyWALL/USG.
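As an added example that is not part of the article and not Zyxel tooling: a small Python triage script that encodes the affected ranges and the recommended builds listed above and classifies an inventory of devices. The model-name-to-family mapping and the sample inventory are constructed assumptions, and treating intermediate patch levels inside an affected range (for example V4.73 Patch 1) as still vulnerable is a deliberately conservative choice, not something the article states.

```python
import re
from typing import Dict, List, Tuple

# Affected ZLD ranges by product family, as listed in the advisory text above
# (inclusive of both ends). Tuples are (major, minor).
AFFECTED_RANGES: Dict[str, Tuple[Tuple[int, int], Tuple[int, int]]] = {
    "ATP": ((4, 60), (5, 35)),
    "USG FLEX": ((4, 60), (5, 35)),
    "VPN": ((4, 60), (5, 35)),
    "ZyWALL/USG": ((4, 60), (4, 73)),
}

# Latest recommended firmware per family at the time the article was written.
RECOMMENDED: Dict[str, str] = {
    "ATP": "ZLD V5.36 Patch 2",
    "USG FLEX": "ZLD V5.36 Patch 2",
    "VPN": "ZLD V5.36 Patch 2",
    "ZyWALL/USG": "ZLD V4.73 Patch 2",
}

# Version strings look like "ZLD V5.36 Patch 2" or "ZLD V4.73"; a missing
# "Patch N" is treated as patch level 0.
_VERSION_RE = re.compile(r"ZLD\s*V(\d+)\.(\d+)(?:\s*Patch\s*(\d+))?", re.IGNORECASE)


def parse_zld(version: str) -> Tuple[int, int, int]:
    """Parse a ZLD firmware string into a comparable (major, minor, patch) tuple."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def family_of(model: str) -> str:
    """Map a device model name to one of the advisory's product families.

    The prefix-to-family mapping is an assumption about how models appear in
    an inventory export; adjust it to match your own data.
    """
    name = model.strip().upper()
    if name.startswith("USG FLEX"):   # must be tested before the bare "USG" prefix
        return "USG FLEX"
    if name.startswith("ATP"):
        return "ATP"
    if name.startswith("VPN"):
        return "VPN"
    if name.startswith("ZYWALL") or name.startswith("USG"):
        return "ZyWALL/USG"
    raise ValueError(f"unknown Zyxel model: {model!r}")


def triage(model: str, running: str) -> Dict[str, object]:
    """Classify one device against the CVE-2023-28771 ranges and the recommended build.

    A device is flagged vulnerable if its major.minor falls inside the affected
    range and it is below the recommended build. Conservative assumption:
    intermediate patch levels inside the range are still flagged, because only
    the recommended build is known from the article to carry all three fixes.
    """
    fam = family_of(model)
    ver = parse_zld(running)
    lo, hi = AFFECTED_RANGES[fam]
    target = parse_zld(RECOMMENDED[fam])
    up_to_date = ver >= target
    return {
        "model": model,
        "family": fam,
        "running": ver,
        "vulnerable_cve_2023_28771": (lo <= ver[:2] <= hi) and not up_to_date,
        "needs_update": not up_to_date,
        "recommended": RECOMMENDED[fam],
    }


def triage_inventory(rows: List[Tuple[str, str]]) -> List[Dict[str, object]]:
    """Return only the devices that need action, vulnerable ones first, then by model."""
    results = [triage(model, version) for model, version in rows]
    todo = [r for r in results if r["needs_update"]]
    todo.sort(key=lambda r: (not r["vulnerable_cve_2023_28771"], r["model"]))
    return todo


# Constructed sample inventory (model, running firmware); not real devices.
SAMPLE_INVENTORY: List[Tuple[str, str]] = [
    ("USG FLEX 200", "ZLD V5.35"),        # inside the affected range, unpatched
    ("ATP500", "ZLD V5.36 Patch 2"),      # already on the recommended build
    ("ZyWALL 110", "ZLD V4.73 Patch 1"),  # in range and below V4.73 Patch 2
    ("VPN300", "ZLD V5.36"),              # past the 28771 range, still below latest
]

if __name__ == "__main__":
    for r in triage_inventory(SAMPLE_INVENTORY):
        flag = "VULNERABLE" if r["vulnerable_cve_2023_28771"] else "update"
        print(f"{flag:10} {r['model']:14} running {r['running']} -> {r['recommended']}")
```

Feed it your own (model, firmware) pairs in place of SAMPLE_INVENTORY; anything reported as VULNERABLE is reachable by the unauthenticated UDP/500 attack described above if IKEv2 is exposed, and anything reported as "update" is below the build the article recommends for the later CVE-2023-33009/33010 fixes.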