Zyxel Firewalls Under Attack! Urgent Patching Required

Jun 06, 2023 | Ravie Lakshmanan | Network Security / Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow bugs that could allow an unauthenticated attacker to cause a denial-of-service (DoS) condition and, potentially, achieve remote code execution on an affected device.

Patches to plug the security holes were released by Zyxel on May 24, 2023. The following devices are affected:

  • ATP (ZLD V4.32 to V5.36 Patch 1; fixed in ZLD V5.36 Patch 2)
  • USG FLEX (ZLD V4.50 to V5.36 Patch 1; fixed in ZLD V5.36 Patch 2)
  • USG FLEX 50(W) / USG20(W)-VPN (ZLD V4.25 to V5.36 Patch 1; fixed in ZLD V5.36 Patch 2)
  • VPN (ZLD V4.30 to V5.36 Patch 1; fixed in ZLD V5.36 Patch 2)
  • ZyWALL/USG (ZLD V4.25 to V4.73 Patch 1; fixed in ZLD V4.73 Patch 2)

While the exact nature of the attacks is unknown, the development comes days after another flaw in Zyxel firewalls (CVE-2023-28771) was actively exploited to ensnare susceptible devices into a Mirai botnet.


Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by June 26, 2023, to secure their networks against possible threats.

Zyxel, in new guidance issued last week, is also urging customers to disable HTTP/HTTPS services on the WAN interface unless "absolutely" required, and to disable UDP ports 500 and 4500 (IKE and IPsec NAT-T, the ports an IPsec VPN peer talks to) if they are not in use. Both steps shrink the unauthenticated attack surface reachable from the internet, but they are a stopgap, not a substitute for installing the patched firmware.

The development also comes as the Taiwanese company has released fixes for two flaws in its GS1900 series switches (CVE-2022-45853) and its 4G LTE and 5G NR outdoor routers (CVE-2023-27989) that could result in privilege escalation and denial-of-service (DoS), respectively.
