Zyxel Firewall Alert: Patch Now to Close the CVE-2023-28771 Vulnerability
A recently discovered security vulnerability, CVE-2023-28771, has raised major concerns among network experts due to its CVSS score of 9.8, which indicates a critical level of risk. Thanks to the diligent work of TRAPA Security, the issue has been brought to light, and Zyxel has released essential patches to mitigate the threat.
CVE-2023-28771: OS command injection vulnerability
CVE-2023-28771 is an operating system (OS) command injection vulnerability found in certain versions of Zyxel firewalls. The flaw stems from improper error message handling, which, if exploited, could allow an unauthenticated attacker to remotely execute OS commands on an affected device. An attacker could achieve this by sending specially crafted packets to the vulnerable device, potentially leading to unauthorized access or even control over the network.
Affected Zyxel Firewalls: Are You at Risk?
Upon learning about the vulnerability, Zyxel conducted a comprehensive investigation and identified the affected products within their vulnerability support period. To determine if your Zyxel firewall is at risk, check your product version and compare it with the list of vulnerable devices provided by Zyxel. Remember, time is of the essence, as attackers are constantly seeking new ways to exploit vulnerabilities.
| Affected series | Affected version | Patch availability |
|---|---|---|
| ATP | ZLD V4.60 to V5.35 | ZLD V5.36 |
| USG FLEX | ZLD V4.60 to V5.35 | ZLD V5.36 |
| VPN | ZLD V4.60 to V5.35 | ZLD V5.36 |
| ZyWALL/USG | ZLD V4.60 to V4.73 | ZLD V4.73 Patch 1 |
Securing Your Network: Patching and Best Practices
To protect your network from the CVE-2023-28771 vulnerability, Zyxel urges users to install the released patches immediately. The patches address the issue by correcting the error message handling mechanism, thereby preventing attackers from exploiting the vulnerability.
In addition to applying the patches, it’s essential to follow these best practices for maintaining a secure network:
- Regularly update your firewall’s firmware to the latest version.
- Employ strong, unique passwords and enable multi-factor authentication (MFA) whenever possible.
- Limit remote access to your network and implement strict access controls.
- Monitor your network for unusual activity and promptly address any detected threats.
