Multiple ZyWALL USG Products Remote Security Bypass Vulnerability Network Vulnerability

Summary

Multiple ZyWALL USG products are prone to a security-bypass vulnerability. Successful exploits may allow attackers to bypass certain security restrictions and perform unauthorized actions. Note: Reportedly, the firmware is also prone to a weakness that allows password-protected upgrade files to be decrypted with a known plaintext attack. The following products are vulnerable: ZyWALL USG-20 ZyWALL USG-20W ZyWALL USG-50 ZyWALL USG-100 ZyWALL USG- 200 ZyWALL USG-300 ZyWALL USG-1000 ZyWALL USG-1050 ZyWALL USG-2000

Solution

Reportedly, the issue is fixed however, Symantec has not confirmed this. Please contact the vendor for more information.

References

http://www.redteam-pentesting.de/en/advisories/rt-sa-2011-003/-authentication-bypass-in-configuration-import-and-export-of-zyxel-zywall-usg-appliances
http://www.zyxel.in
https://www.securityfocus.com/bid/47707

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 2.6 AV:N/AC:H/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Nikto (NASL wrapper)
Manx Multiple Cross Site Scripting and Directory Traversal Vulnerabilities
MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
Open Ticket Request System (OTRS) 'AgentTicketZoom' Cross-site scripting Vulnerability
MediaWiki Cross Site Request Forgery Vulnerability

Take action and discover your vulnerabilities