Zyxel Warns of Flaws Impacting Firewalls and Controllers

Zyxel warned admins of multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products.


CVE-2022-0734

A cross-site scripting vulnerability was identified in the CGI program of some firewall versions that could allow an attacker to obtain some information stored in the user’s browser, such as cookies or session tokens, via a malicious script.

CVE-2022-26531

Multiple improper input validation flaws were identified in some CLI commands of some firewall, AP controller, and AP versions that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

CVE-2022-26532

A command injection vulnerability in the "packet-trace" CLI command of some firewall, AP controller, and AP versions could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the command.

CVE-2022-0910

An authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions. The flaw could allow an attacker to downgrade from two-factor authentication to one-factor authentication via an IPsec VPN client.


Alastair William, Vice President Worldwide Systems Engineering, Skybox


“The fact that these vulnerabilities do not carry a critical rating does not mean organizations shouldn’t be quick to patch. If organizations are relying on conventional approaches to vulnerability management, they may only move to patch the highest severity vulnerabilities first based on the Common Vulnerability Scoring System (CVSS). Cybercriminals know this is how many companies handle their cybersecurity, so they’ve learned to take advantage of vulnerabilities seen as less critical to carry out their attacks.

It is especially important to heed this new warning as we approach a holiday weekend. In the last year, we have seen a trend of bad actors taking advantage of holiday weekends in the U.S. to target organizations. We saw this happen with the Colonial Pipeline ransomware attack over Mother’s Day weekend, the attack on JBS over Memorial Day weekend, and the ransomware attack against Kaseya during the July 4th holiday.

To stay ahead of cybercriminals, companies need to address vulnerability exposure risks before hackers attack them. That means taking a more proactive approach to vulnerability management by learning to identify and prioritize exposed vulnerabilities across the entire threat landscape. Organizations should prioritize based on exposure-based risk scores, and close with prescriptive remediation options. It's essential for organizations to increase the maturity of their vulnerability management programs to ensure they can quickly discover if they are impacted by vulnerabilities and how urgent it is to remediate.”

