{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5960", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2023-11-06T01:35:33.602Z", "datePublished": "2023-11-28T02:05:45.830Z", "dateUpdated": "2024-08-02T08:14:25.225Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "USG FLEX series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.50 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "VPN series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.30 through 5.37"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."}], "value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-11-28T02:05:45.830Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.225Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0", "versionEndIncluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625", "versionEndIncluding": "5.37", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en la funci\u00f3n de punto de acceso de las versiones de firmware de la serie Zyxel USG FLEX 4.50 a 5.37 y las versiones de firmware de la serie VPN 4.30 a 5.37 podr\u00eda permitir que un atacante local autenticado acceda a los archivos del sistema en un dispositivo afectado."}], "id": "CVE-2023-5960", "lastModified": "2024-11-21T08:42:52.087", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2023-11-28T03:15:07.310", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}

{}

{}