The Hacker News reports that Zyxel has released fixes for a critical security flaw impacting its USG/ZyWALL, USG FLEX, ATP, VPN, and NSG offerings.
The vulnerability is tracked as CVE-2022-0342. According to Zyxel, "an authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," and exploitation of the bug could let attackers bypass authentication and gain administrative access.
Users of the impacted devices have been urged to apply the patches immediately, even though the flaw has yet to be exploited in the wild.
Zyxel's security patches come after fixes from Sophos and SonicWall for critical bugs in firewall appliances that could facilitate arbitrary code execution.
The Cybersecurity and Infrastructure Security Agency has already added the Sophos flaw, tracked as CVE-2022-1040, as well as a high-severity Trend Micro vulnerability, tracked as CVE-2022-26871, to its list of known exploited vulnerabilities.
Zyxel firewall, VPN device vulnerabilities addressed