
Zyxel Releases Security Updates

Summary

Security updates address vulnerabilities in Zyxel ATP, USG, and VPN products.


Threat details

Exploitation in the wild for CVE-2023-33009 and CVE-2023-33010

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-33009 and CVE-2023-33010 to their Known Exploited Vulnerability Catalog based on evidence of active exploitation in the wild.


Introduction

Zyxel has released security updates to address vulnerabilities in a range of products and access points, including Zyxel VPN, ATP and USG. The Critical vulnerability CVE-2023-33009 is a buffer overflow, which a remote attacker could exploit to cause a denial-of-service condition or perform remote code execution.

The second Critical vulnerability, CVE-2023-33010, is also a buffer overflow, found within the ID processing function of the affected firewalls.

Zyxel releases additional mitigation guidance for CVE-2023-33009 and CVE-2023-33010

Zyxel has published additional guidance relating to vulnerabilities CVE-2023-33009 and CVE-2023-33010 for temporary mitigation and precautionary purposes:

  1. Unless it is absolutely necessary for devices to be managed from the WAN side, HTTP/HTTPS services should be disabled from the WAN.
  2. If devices still need to be managed from the WAN side:
    • Enable Policy Control and add rules to only allow access from trusted source IP addresses; and
    • Enable GeoIP filtering to only allow access from trusted locations.
  3. If use of the IPSec VPN function is not required, disable UDP ports 500 and 4500.
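
One way to check a device's WAN-facing rules against items 1, 2 (source IP restriction only, not GeoIP) and 3 above. This is an added example, not Zyxel's or this alert's own code; the rule records are a constructed, vendor-neutral format rather than a Zyxel export, and `audit` and its parameters are hypothetical names.

```python
import ipaddress

# Constructed sample rules in an assumed vendor-neutral shape (not a Zyxel format).
SAMPLE_RULES = [
    {"name": "wan-admin", "zone": "WAN", "proto": "tcp", "port": 443, "src": "any", "action": "allow"},
    {"name": "wan-admin-office", "zone": "WAN", "proto": "tcp", "port": 443, "src": "203.0.113.0/24", "action": "allow"},
    {"name": "wan-http", "zone": "WAN", "proto": "tcp", "port": 80, "src": "198.51.100.7/32", "action": "allow"},
    {"name": "ike", "zone": "WAN", "proto": "udp", "port": 500, "src": "any", "action": "allow"},
    {"name": "lan-admin", "zone": "LAN", "proto": "tcp", "port": 443, "src": "any", "action": "allow"},
]

MGMT = {("tcp", 80), ("tcp", 443)}     # HTTP/HTTPS management services
IPSEC = {("udp", 500), ("udp", 4500)}  # IKE and IPsec NAT traversal

DISABLE_MGMT = "disable HTTP/HTTPS from WAN"
ANY_SOURCE = "restrict to trusted source IP addresses"
UNTRUSTED = "source is outside the trusted list"
DISABLE_IPSEC = "disable UDP 500/4500"


def _is_trusted(src, trusted):
    """True if the rule's source network sits wholly inside a trusted network."""
    net = ipaddress.ip_network(src)
    return any(net.version == t.version and net.subnet_of(t) for t in trusted)


def audit(rules, trusted_sources, wan_mgmt_needed, ipsec_needed):
    """Return (rule name, finding) pairs for WAN allow rules that break the guidance."""
    trusted = [ipaddress.ip_network(n) for n in trusted_sources]
    findings = []
    for r in rules:
        if r["zone"] != "WAN" or r["action"] != "allow":
            continue  # only traffic admitted from the WAN side is in scope
        svc = (r["proto"], r["port"])
        if svc in MGMT:
            if not wan_mgmt_needed:
                findings.append((r["name"], DISABLE_MGMT))
            elif r["src"] == "any":
                findings.append((r["name"], ANY_SOURCE))
            elif not _is_trusted(r["src"], trusted):
                findings.append((r["name"], UNTRUSTED))
        elif svc in IPSEC and not ipsec_needed:
            findings.append((r["name"], DISABLE_IPSEC))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES, ["203.0.113.0/24"], True, False):
        print(f"{name}: {finding}")
```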

Threat updates

| Date | Update |
|---|---|
| 6 Jun 2023 | Exploitation in the wild for CVE-2023-33009 and CVE-2023-33010. This cyber alert has been updated to reflect this change. |
| 5 Jun 2023 | Zyxel releases additional mitigation guidance for CVE-2023-33009 and CVE-2023-33010. This cyber alert has been updated to reflect this change. |


Remediation advice

Affected organisations are encouraged to review Zyxel's security advisories for CVE-2023-33009 and CVE-2023-33010 and apply the relevant updates.



Last edited: 6 June 2023 2:55 pm