Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-34gf-pfjm-cq2w

Опубликовано: 06 июл. 2023
Источник: github
Github: Не прошло ревью
CVSS3: 7.5

Описание

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

Ссылки

EPSS

Процентиль: 78%
0.01184
Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-22917

Дефекты

CWE-120

Связанные уязвимости

nvd логотип

CVE-2023-22917

CVSS3: 7.5
nvd
почти 3 года назад

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

fstec логотип

BDU:2023-08491

CVSS3: 7.5
fstec
около 3 лет назад

Уязвимость микропрограммного обеспечения сетевых устройств Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN и VPN, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 78%
0.01184
Низкий

7.5 High

CVSS3

CVE ID

CVE-2023-22917

Дефекты

CWE-120