Lucene search

[email protected]CVE-2023-27990

HistoryApr 24, 2023 - 6:15 p.m.

CVE-2023-27990

2023-04-2418:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-27990

xss vulnerability

zyxel atp

usg flex

firmware

admin privileges

malicious scripts

execution

gui logs page

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

The cross-site scripting (XSS) vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device.

Affected configurations

NVD

Node

zyxelatp200Match-

AND

zyxelatp200_firmwareRange4.32–5.36

Node

zyxelatp100_firmwareRange4.32–5.36

AND

zyxelatp100Match-

Node

zyxelatp700_firmwareRange4.32–5.36

AND

zyxelatp700Match-

Node

zyxelatp500_firmwareRange4.32–5.36

AND

zyxelatp500Match-

Node

zyxelatp100w_firmwareRange4.32–5.36

AND

zyxelatp100wMatch-

Node

zyxelatp800_firmwareRange4.32–5.36

AND

zyxelatp800Match-

Node

zyxelusg_flex_100_firmwareRange4.50–5.36

AND

zyxelusg_flex_100Match-

Node

zyxelusg_flex_50_firmwareRange4.50–5.36

AND

zyxelusg_flex_50Match-

Node

zyxelusg_flex_200_firmwareRange4.50–5.36

AND

zyxelusg_flex_200Match-

Node

zyxelusg_flex_500_firmwareRange4.50–5.36

AND

zyxelusg_flex_500Match-

Node

zyxelusg_flex_700_firmwareRange4.50–5.36

AND

zyxelusg_flex_700Match-

Node

zyxelusg_flex_100w_firmwareRange4.50–5.36

AND

zyxelusg_flex_100wMatch-

Node

zyxelusg_20w-vpn_firmwareRange4.16–5.36

AND

zyxelusg_20w-vpnMatch-

Node

zyxelusg_flex_50w_firmwareRange4.16–5.36

AND

zyxelusg_flex_50wMatch-

Node

zyxelusg20-vpn_firmwareRange4.30–5.36

AND

zyxelusg20-vpnMatch-

Node

zyxelvpn100_firmwareRange4.30–5.36

AND

zyxelvpn100Match-

Node

zyxelvpn1000_firmwareRange4.30–5.36

AND

zyxelvpn1000Match-

Node

zyxelvpn300_firmwareRange4.30–5.36

AND

zyxelvpn300Match-

Node

zyxelvpn50_firmwareRange4.30–5.36

AND

zyxelvpn50Match-

CPENameOperatorVersion
zyxel:atp200_firmwarezyxel atp200 firmwarelt5.36

CPE	Name	Operator	Version
zyxel:atp200_firmware	zyxel atp200 firmware	lt	5.36

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "ATP series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.32 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.50 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG FLEX 50(W) firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "USG20(W)-VPN firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.16 through 5.35"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VPN series firmware",
    "vendor": "Zyxel",
    "versions": [
      {
        "status": "affected",
        "version": "4.30 through 5.35"
      }
    ]
  }
]

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-xss-vulnerability-and-post-authentication-command-injection-vulnerability-in-firewalls

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.7%

JSON

Related for CVE-2023-27990

cvelist1 nvd1 prion1