Best News Network

Zyxel urges customers to patch critical firewall bypass vulnerability | ZDNet

Zyxel is urging customers to immediately patch a critical vulnerability in the vendor’s firewall software.  

In a security advisory published this week, the Taiwanese networking giant said the security flaw can lead to the circumvention of firewall protection in Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines. 

Tracked as CVE-2022-0342 and issued a critical severity score of 9.8, the vulnerability is described as an “authentication bypass” caused by a proper access control mechanism failure.

The bug is present in a number of CGI programs embedded in firewall software. 

“The flaw could allow an attacker to bypass the authentication and obtain administrative access of the device,” Zyxel says. 

The following firmware is impacted: 

  • USG/ZyWALL: versions 4.20 through 4.70
  • USG FLEX: versions 4.50 through 5.20
  • ATP: versions 4.32 through 5.20
  • VPN: versions 4.30 through 5.20
  • NSG: versions 1.20 through 1.33 (Patch 4)

Zyxel has released patches for impacted software and users should upgrade their builds to protected versions as soon as possible. The vendor notes that after investigating the vulnerability, patches have been made available for products in their support period. Legacy product users should be aware that they may be vulnerable. 

Alessandro Sgreccia from Tecnical Service SrL, alongside Innotec Security’s Roberto Garcia and Victor Garcia have been credited for reporting the bug. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Stay connected with us on social media platform for instant update click here to join our  Twitter, & Facebook

We are now on Telegram. Click here to join our channel (@TechiUpdate) and stay updated with the latest Technology headlines.

For all the latest Technology News Click Here 

 For the latest news and updates, follow us on Google News

Read original article here

Denial of responsibility! NewsAzi is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – [email protected]. The content will be deleted within 24 hours.