exploitDog

GHSA-7pcw-5pmh-x8wr

Опубликовано: 28 нояб. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.5

Описание

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

Ссылки

EPSS

Процентиль: 25%

0.00085

Низкий

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-20

Связанные уязвимости

CVE-2023-35136

CVSS3: 5.5

nvd

около 2 лет назад

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an authenticated local attacker to access configuration files on an affected device.

BDU:2023-08281

CVSS3: 5.5

fstec

больше 2 лет назад

Уязвимость пакета Quagga микропрограммного обеспечения сетевых устройств ZyXEL VPN, USG FLEX и ATP, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 25%

0.00085

Низкий

5.5 Medium

CVSS3

CVE ID

Дефекты

CWE-20