CVE-2023-5960 - OpenCVE

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zyxel	Usg Flex 100 Usg Flex 100w Usg Flex 200 Usg Flex 50 Usg Flex 500 Usg Flex 50w Usg Flex 700 Vpn100 Vpn1000 Vpn300 Vpn50 Zld

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_flex_100:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_100w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_200:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_500:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_50w:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_700:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:vpn100:-:::::::*
	cpe:2.3:h:zyxel:vpn1000:-:::::::*
	cpe:2.3:h:zyxel:vpn300:-:::::::*
	cpe:2.3:h:zyxel:vpn50:-:::::::*

No data.

References

Link	Providers
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

History

No history.

MITRE

Status: PUBLISHED

Assigner: Zyxel

Published: 2023-11-28T02:05:45.830Z

Updated: 2024-08-02T08:14:25.225Z

Reserved: 2023-11-06T01:35:33.602Z

Link: CVE-2023-5960

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-11-28T03:15:07.310

Modified: 2023-12-01T21:43:59.323

Link: CVE-2023-5960

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5960", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2023-11-06T01:35:33.602Z", "datePublished": "2023-11-28T02:05:45.830Z", "dateUpdated": "2024-08-02T08:14:25.225Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "USG FLEX series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.50 through 5.37"}]}, {"defaultStatus": "unaffected", "product": "VPN series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "versions 4.30 through 5.37"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."}], "value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2023-11-28T02:05:45.830Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:25.225Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "03FAEFC8-186B-4B52-869F-DA27224692C0", "versionEndIncluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zld:*:*:*:*:*:*:*:*", "matchCriteriaId": "549A6FE1-25D6-4239-87B6-B729C098C625", "versionEndIncluding": "5.37", "versionStartIncluding": "4.30", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:vpn100:-:*:*:*:*:*:*:*", "matchCriteriaId": "81D90A7B-174F-40A1-8AF4-08B15B7BAC40", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn1000:-:*:*:*:*:*:*:*", "matchCriteriaId": "EECD311A-4E96-4576-AADF-47291EDE3559", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3C45C303-1A95-4245-B242-3AB9B9106CD4", "vulnerable": false}, {"criteria": "cpe:2.3:h:zyxel:vpn50:-:*:*:*:*:*:*:*", "matchCriteriaId": "9E3AC823-0ECA-42D8-8312-2FBE5914E4C0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device."}, {"lang": "es", "value": "Una vulnerabilidad de administraci\u00f3n de privilegios inadecuada en la funci\u00f3n de punto de acceso de las versiones de firmware de la serie Zyxel USG FLEX 4.50 a 5.37 y las versiones de firmware de la serie VPN 4.30 a 5.37 podr\u00eda permitir que un atacante local autenticado acceda a los archivos del sistema en un dispositivo afectado."}], "id": "CVE-2023-5960", "lastModified": "2023-12-01T21:43:59.323", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "security@zyxel.com.tw", "type": "Primary"}]}, "published": "2023-11-28T03:15:07.310", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "security@zyxel.com.tw", "type": "Primary"}]}