Multiple ZyWALL USG Products Remote Security Bypass Vulnerability Network Vulnerability

Summary

Multiple ZyWALL USG products are prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass certain security restrictions and perform unauthorized actions. Note: Reportedly, the firmware is also prone to a weakness that allows password-protected upgrade files to be decrypted with a known plaintext attack. The following products are vulnerable: ZyWALL USG-20 ZyWALL USG-20W ZyWALL USG-50 ZyWALL USG-100 ZyWALL USG- 200 ZyWALL USG-300 ZyWALL USG-1000 ZyWALL USG-1050 ZyWALL USG-2000

Solution

Reportedly, the issue is fixed however, Symantec has not confirmed this. Please contact the vendor for more information.

References

http://www.redteam-pentesting.de/en/advisories/rt-sa-2011-003/-authentication-bypass-in-configuration-import-and-export-of-zyxel-zywall-usg-appliances
http://www.zyxel.in
https://www.securityfocus.com/bid/47707

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Anti OpenVAS defenses
Bugzilla 'Install/Filesystem.pm' Information Disclosure Vulnerability
ownCloud Multiple Cross Site Scripting Vulnerabilities -03 May14
Bugzilla 'localconfig' Information Disclosure Vulnerability
Kusaba X Multiple Cross Site Scripting Vulnerabilities

Take action and discover your vulnerabilities