Zyxel Releases Security Updates
Security updates address vulnerabilities in Zyxel ATP, USG, and VPN products.
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation in the wild for CVE-2023-33009 and CVE-2023-33010
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-33009 and CVE-2023-33010 to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation in the wild.
Introduction
Zyxel has released security updates to address vulnerabilities in a range of products and access points, including Zyxel VPN, ATP and USG. The Critical vulnerability CVE-2023-33009 is a buffer overflow that a remote attacker could exploit to cause a denial-of-service condition or perform remote code execution.
The second Critical vulnerability, CVE-2023-33010, is also a buffer overflow, found within the ID processing function of the affected firewalls.
Zyxel releases additional mitigation guidance for CVE-2023-33009 and CVE-2023-33010
Zyxel has published additional guidance relating to vulnerabilities CVE-2023-33009 and CVE-2023-33010 for temporary mitigation and precautionary purposes:
- Unless it is absolutely necessary for devices to be managed from the WAN side, HTTP/HTTPS services should be disabled from the WAN.
- If devices still need to be managed from the WAN side:
  - Enable Policy Control and add rules to only allow access from trusted source IP addresses; and
  - Enable GeoIP filtering to only allow access from trusted locations.
- If use of the IPSec VPN function is not required, disable UDP Port 500 and Port 4500.
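One way to check that these mitigations are holding, as an added example that is not part of the original alert or Zyxel's guidance: the Python below reviews firewall traffic logs for accepted WAN-side connections to the services the guidance names (HTTP/HTTPS and UDP 500/4500) from sources outside a trusted allowlist. The log format, interface names, sample lines and trusted range are constructed assumptions, and it assumes the IPSec VPN function is not in use.

```python
import ipaddress

# Services named in the mitigation guidance: WAN-side HTTP/HTTPS management
# and the IPSec VPN ports (UDP 500 and UDP 4500).
GUIDANCE_PORTS = {("tcp", 80), ("tcp", 443), ("udp", 500), ("udp", 4500)}

# Assumption: networks the organisation trusts for WAN-side access (documentation range).
TRUSTED_SOURCES = [ipaddress.ip_network("198.51.100.0/28")]

# Constructed sample lines in a simplified key=value format (not Zyxel's own log format).
SAMPLE_LOG = """\
ts=2023-06-05T09:14:02Z iface=wan1 proto=tcp src=198.51.100.5 dport=443 action=accept
ts=2023-06-05T09:15:40Z iface=wan1 proto=tcp src=203.0.113.77 dport=443 action=accept
ts=2023-06-05T09:16:11Z iface=wan1 proto=udp src=203.0.113.77 dport=500 action=accept
ts=2023-06-05T09:17:30Z iface=lan1 proto=tcp src=192.168.1.20 dport=443 action=accept
ts=2023-06-05T09:18:05Z iface=wan1 proto=tcp src=203.0.113.9 dport=80 action=drop
ts=2023-06-05T09:19:00Z iface=wan1 proto=udp src=not-an-ip dport=4500 action=accept
"""

def parse_line(line):
    """Split one key=value log line into a dict; return None if fields are missing."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    required = {"iface", "proto", "src", "dport", "action"}
    return fields if required <= fields.keys() else None

def is_trusted(src):
    """True if src parses as an IP address inside a trusted network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False  # an unparseable source is never treated as trusted
    return any(addr in net for net in TRUSTED_SOURCES)

def find_exposures(log_text):
    """Return accepted WAN-side hits on guidance ports from untrusted sources."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["iface"].startswith("wan"):
            continue  # malformed line, or traffic that did not arrive on the WAN
        if rec["action"] != "accept" or not rec["dport"].isdigit():
            continue  # dropped traffic means the policy rule is working
        service = (rec["proto"].lower(), int(rec["dport"]))
        if service in GUIDANCE_PORTS and not is_trusted(rec["src"]):
            findings.append((rec["src"], service[0], service[1]))
    return findings

if __name__ == "__main__":
    for src, proto, port in find_exposures(SAMPLE_LOG):
        print(f"untrusted WAN source {src} reached {proto}/{port}")
```

Any finding means a Policy Control or GeoIP rule is missing or too broad, or a service the guidance says to disable is still reachable from the WAN.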
Threat updates
| Date | Update |
|---|---|
| 6 Jun 2023 | Exploitation in the wild for CVE-2023-33009 and CVE-2023-33010. This cyber alert has been updated to reflect this change. |
| 5 Jun 2023 | Zyxel releases additional mitigation guidance for CVE-2023-33009 and CVE-2023-33010. This cyber alert has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review Zyxel's security advisories for CVE-2023-33009 and CVE-2023-33010 and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 6 June 2023 2:55 pm