Summary
Multiple ZyWALL USG products are prone to a security-bypass vulnerability.
Successful exploits may allow attackers to bypass certain security restrictions and perform unauthorized actions.
Note: Reportedly, the firmware is also prone to a weakness that allows password-protected upgrade files to be decrypted with a known plaintext attack.
The following products are vulnerable:
- ZyWALL USG-20
- ZyWALL USG-20W
- ZyWALL USG-50
- ZyWALL USG-100
- ZyWALL USG-200
- ZyWALL USG-300
- ZyWALL USG-1000
- ZyWALL USG-1050
- ZyWALL USG-2000
Solution
Reportedly, the issue is fixed; however, Symantec has not confirmed this. Please contact the vendor for more information.
Severity
Classification
- CVSS Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)