CVE-2023-5960

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps	Vendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_flex_100:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_200:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_500:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_700:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:vpn100:-:::::::*
	cpe:2.3:h:zyxel:vpn1000:-:::::::*
	cpe:2.3:h:zyxel:vpn300:-:::::::*
	cpe:2.3:h:zyxel:vpn50:-:::::::*

History

21 Nov 2024, 08:42

Type	Values Removed	Values Added
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory

01 Dec 2023, 21:43

Type	Values Removed	Values Added
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps -~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps - Vendor Advisory
First Time		Zyxel zld Zyxel usg Flex 500 Zyxel vpn50 Zyxel vpn100 Zyxel usg Flex 200 Zyxel vpn1000 Zyxel usg Flex 100w Zyxel usg Flex 700 Zyxel vpn300 Zyxel usg Flex 50w Zyxel usg Flex 100 Zyxel usg Flex 50 Zyxel
CPE		cpe:2.3:h:zyxel:vpn1000:-:::::::* cpe:2.3:h:zyxel:usg_flex_100w:-:::::::* cpe:2.3:h:zyxel:vpn300:-:::::::* cpe:2.3:h:zyxel:usg_flex_50w:-:::::::* cpe:2.3:h:zyxel:vpn100:-:::::::* cpe:2.3:h:zyxel:usg_flex_50:-:::::::* cpe:2.3:o:zyxel:zld:::::::: cpe:2.3:h:zyxel:vpn50:-:::::::* cpe:2.3:h:zyxel:usg_flex_100:-:::::::* cpe:2.3:h:zyxel:usg_flex_700:-:::::::* cpe:2.3:h:zyxel:usg_flex_500:-:::::::* cpe:2.3:h:zyxel:usg_flex_200:-:::::::*

28 Nov 2023, 03:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-11-28 03:15

Updated : 2024-11-21 08:42

NVD link : CVE-2023-5960

Mitre link : CVE-2023-5960

CVE.ORG link : CVE-2023-5960

JSON object : View

Products Affected

zyxel

vpn1000
vpn50
usg_flex_500
usg_flex_100w
usg_flex_200
vpn100
usg_flex_50
vpn300
usg_flex_50w
usg_flex_700
usg_flex_100
zld

CWE

CWE-269

Improper Privilege Management

5.5 /10