Security News > 2023 > June > Zyxel shares tips on protecting firewalls from ongoing attacks

Zyxel shares tips on protecting firewalls from ongoing attacks
2023-06-03 14:06

Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation.

This warning comes in response to multiple reports of widespread exploitation of the CVE-2023-28771 and the exploitability and severity of CVE-2023-33009 and CVE-2023-33010, all impacting Zyxel VPN and firewall devices.

"Zyxel has been urging users to install the patches through multiple channels, including issuing several security advisory newsletters to registered users and advisory subscribers; notifying users to upgrade via the Web GUI's push notification for on-premises devices; and enforcing scheduled firmware upgrades for cloud-based devices that haven't yet done so," warns Zyxel's security advisory.

If admins need to manage devices over WAN, they should enable 'Policy Control' and add rules allowing only trusted IP addresses to access the devices.

Finally, Zyxel recommends disabling UDP Port 500 and Port 4500 if IPSec VPN isn't needed, shutting another avenue for attacks.

It is important to remember that attacks against the listed products are currently underway, and they're only expected to increase in volume and severity, so taking action to protect your devices as soon as possible is imperative.


News URL

https://www.bleepingcomputer.com/news/security/zyxel-shares-tips-on-protecting-firewalls-from-ongoing-attacks/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-05-24 CVE-2023-33010 Classic Buffer Overflow vulnerability in Zyxel products
A buffer overflow vulnerability in the ID processing function in Zyxel ATP series firmware versions 4.32 through 5.36 Patch 1, USG FLEX series firmware versions 4.50 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.25 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.25 through 5.36 Patch 1, VPN series firmware versions 4.30 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.25 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
network
low complexity
zyxel CWE-120
critical
9.8
2023-05-24 CVE-2023-33009 Classic Buffer Overflow vulnerability in Zyxel products
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device.
network
low complexity
zyxel CWE-120
critical
9.8
2023-04-25 CVE-2023-28771 OS Command Injection vulnerability in Zyxel products
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
network
low complexity
zyxel CWE-78
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Zyxel 485 3 121 77 45 246