Zyxel releases patches for critical vulnerability that allows firewall and VPN hijacks

Zyxel releases patches for critical vulnerability that can allow Firewall and VPN hijacks

Image:

Zyxel releases patches for critical vulnerability that can allow Firewall and VPN hijacks

Zyxel has assigned the vulnerability a score of 9.8 out of 10 to the bug which allows hackers to bypass authentication to gain administrative access

Zyxel, the Taiwanese network equipment vendor, has released patches to fix a critical security vulnerability that might allow an attacker to get admin-level access to a wide range of firewalls and VPN products sold by the company.

The security flaw, indexed as CVE-2022-0342, is an authentication bypass weakness caused by a lack of an appropriate access control mechanism in the common gateway interface (CGI) programme of specific firewall versions, the firm stated in an advisory published last week.

The issue affects the company's USG Flex, USG/Zy Wall, ATP VPN, and NSG (Nebula Security Gateway) range of enterprise VPN and firewall devices.

Zyxel has assigned the vulnerability a score of 9.8 out of 10, although the National Institute of Standards and Technology (NIST) has yet to assign a security rating to the bug.

According to the firm, the bug exists in the firmware of the USG FLEX series versions 4.50-5.20; USG/ZyWALL series versions 4.20-4.70; VPN series versions 4.30-5.20; APT series versions 4.32-5.20; and NSG series versions V1.20-V.133 Patch 4.

Zyxel has published a hotfix for NSG series equipment and aims to deliver a standard patch in May 2022.

The hardware devices listed above are most often used in small and mid-sized workplaces to combine network access with security components that may defend against malicious activities such as malware or phishing.

Users of the affected devices have been urged to install the updates as soon as possible, despite the fact that the vulnerability has not yet been exploited in the wild.

Zyxel credited Roberto Garcia H and Victor Garcia R from Innotec Security and Alessandro Sgreccia from Tecnical Service Srl for discovering the vulnerability and reporting it to the company.

Last week, Sophos also released patches for its firewall appliances to address a major authentication bypass weakness (CVE-2022-1040) in the Sophos Firewall User Portal and Webadmin that might enable a remote attacker to execute arbitrary code on affected systems.

According to Sophos, the weakness was used in active attacks against select entities in South Asia. Each of these organisations has been notified directly by the cybersecurity company.

The US Cybersecurity and Infrastructure Security Agency (CISA) has subsequently listed the flaw to its Known Exploited Vulnerabilities Catalog.

A high-severity arbitrary file upload flaw in Trend Micro's Apex Central product (CVE-2022-26871) has also been added to the list, which might enable an unauthenticated remote hacker to upload an arbitrary file, resulting in code execution.

Trend Micro has observed an active attempt of exploitation against this flaw in-the-wild in a very limited number of cases, and those customers have been alerted about it.

"All customers are strongly encouraged to update to the latest version as soon as possible," the firm added.