Zyxel has released application updates to deal with two critical security flaws influencing select firewall and VPN solutions that could be abused by distant attackers to attain code execution.
Both equally the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring program.
A transient description of the two issues is down below –
![Mullvad VPN Discount](https://thecybersecurity.news/data/2022/05/Mullvad-VPN-245x300.png)
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
- CVE-2023-33009 – A buffer overflow vulnerability in the notification perform that could allow an unauthenticated attacker to result in a denial-of-company (DoS) issue and remote code execution.
- CVE-2023-33010 – A buffer overflow vulnerability in the ID processing operate that could empower an unauthenticated attacker to result in a denial-of-service (DoS) affliction and distant code execution.
The pursuing devices are impacted –
- ATP (variations ZLD V4.32 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX (versions ZLD V4.50 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- USG FLEX50(W) / USG20(W)-VPN (versions ZLD V4.25 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2)
- VPN (variations ZLD V4.30 to V5.36 Patch 1, patched in ZLD V5.36 Patch 2), and
- ZyWALL/USG (variations ZLD V4.25 to V4.73 Patch 1, patched in ZLD V4.73 Patch 2)
Security scientists from TRAPA Security and STAR Labs SG have been credited with identifying and reporting the flaw.
Impending WEBINARZero Belief + Deception: Study How to Outsmart Attackers!
Discover how Deception can detect advanced threats, cease lateral motion, and enrich your Zero Belief strategy. Join our insightful webinar!
Preserve My Seat!
The advisory arrives fewer than a month immediately after Zyxel shipped fixes for another critical security flaw in its firewall equipment that could be exploited to attain remote code execution on afflicted programs.
The issue, tracked as CVE-2023-28771 (CVSS rating: 9.8), was also credited to TRAPA Security, with the networking products maker blaming it on poor error message dealing with. It has because arrive below active exploitation by menace actors involved with the Mirai botnet.
Discovered this posting attention-grabbing? Comply with us on Twitter and LinkedIn to study extra distinctive written content we post.
Some elements of this post are sourced from:
thehackernews.com