{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-6764", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "state": "PUBLISHED", "assignerShortName": "Zyxel", "dateReserved": "2023-12-13T08:39:31.993Z", "datePublished": "2024-02-20T02:14:09.814Z", "dateUpdated": "2024-08-02T08:42:07.430Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "ATP series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "version 4.32 through 5.37 Patch 1"}]}, {"defaultStatus": "unaffected", "product": "USG FLEX series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "version 4.50 through 5.37 Patch 1"}]}, {"defaultStatus": "unaffected", "product": "USG FLEX 50(W) series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "version 4.16 through 5.37 Patch 1"}]}, {"defaultStatus": "unaffected", "product": "USG20(W)-VPN series firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "version 4.16 through 5.37 Patch 1"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"}], "value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-02-20T02:14:09.814Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "zyxel", "product": "atp_firmware", "cpes": ["cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.32", "status": "affected", "lessThanOrEqual": "5.37patch1", "versionType": "custom"}]}, {"vendor": "zyxel", "product": "usg_flex_firmware", "cpes": ["cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.50", "status": "affected", "lessThanOrEqual": "5.37patch1", "versionType": "custom"}]}, {"vendor": "zyxel", "product": "usg_flex_50w_firmware", "cpes": ["cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.16", "status": "affected", "lessThanOrEqual": "5.37patch1", "versionType": "custom"}]}, {"vendor": "zyxel", "product": "usg_20w-vpn_firmware", "cpes": ["cpe:2.3:o:zyxel:usg_20w-vpn_firmware:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.16", "status": "affected", "lessThanOrEqual": "5.37patch1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-01T05:01:05.440386Z", "id": "CVE-2023-6764", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T20:53:09.347Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:07.430Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:42:07.430Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-6764", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-03-01T05:01:05.440386Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:zyxel:atp_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "atp_firmware", "versions": [{"status": "affected", "version": "4.32", "versionType": "custom", "lessThanOrEqual": "5.37patch1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:usg_flex_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "usg_flex_firmware", "versions": [{"status": "affected", "version": "4.50", "versionType": "custom", "lessThanOrEqual": "5.37patch1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:usg_flex_50w_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "usg_flex_50w_firmware", "versions": [{"status": "affected", "version": "4.16", "versionType": "custom", "lessThanOrEqual": "5.37patch1"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:zyxel:usg_20w-vpn_firmware:-:*:*:*:*:*:*:*"], "vendor": "zyxel", "product": "usg_20w-vpn_firmware", "versions": [{"status": "affected", "version": "4.16", "versionType": "custom", "lessThanOrEqual": "5.37patch1"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-27T20:52:43.587Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Zyxel", "product": "ATP series firmware", "versions": [{"status": "affected", "version": "version 4.32 through 5.37 Patch 1"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "USG FLEX series firmware", "versions": [{"status": "affected", "version": "version 4.50 through 5.37 Patch 1"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "USG FLEX 50(W) series firmware", "versions": [{"status": "affected", "version": "version 4.16 through 5.37 Patch 1"}], "defaultStatus": "unaffected"}, {"vendor": "Zyxel", "product": "USG20(W)-VPN series firmware", "versions": [{"status": "affected", "version": "version 4.16 through 5.37 Patch 1"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n", "supportingMedia": [{"type": "text/html", "value": "\n\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-134", "description": "CWE-134 Use of Externally-Controlled Format String"}]}], "providerMetadata": {"orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel", "dateUpdated": "2024-02-20T02:14:09.814Z"}}}, "cveMetadata": {"cveId": "CVE-2023-6764", "state": "PUBLISHED", "dateUpdated": "2024-08-02T08:42:07.430Z", "dateReserved": "2023-12-13T08:39:31.993Z", "assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "datePublished": "2024-02-20T02:14:09.814Z", "assignerShortName": "Zyxel"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "22B1CC86-551C-4CF1-9905-22D983C87B0C", "versionEndExcluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "121E2131-A6CB-4714-BD0B-9CDBFF924F10", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp100_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "C4AA7A4F-E00F-4CFA-8B4F-305BEC37F0B8", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100:-:*:*:*:*:*:*:*", "matchCriteriaId": "7F7654A1-3806-41C7-82D4-46B0CD7EE53B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9E4D7828-078E-4418-9F04-302FC7F8BB25", "versionEndExcluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "F750721F-73AD-4BDD-A407-72D8DEB30C68", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp100w_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "069E7437-BF71-4F73-8C0A-44DC9804492B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "47398FD0-6C5E-4625-9EFD-DE08C9AB7DB2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "67DC678C-8CA1-4289-A69B-435FE3374BCD", "versionEndExcluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "B20F854E-486D-46C0-90C8-81153573FEF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp200_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "DE71538C-16FD-43B1-B6CD-EB5988AFB7BF", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp200:-:*:*:*:*:*:*:*", "matchCriteriaId": "D68A36FF-8CAF-401C-9F18-94F3A2405CF4", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B5C9B7E5-F548-4F9F-8CA7-20B7D41DF0AC", "versionEndExcluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "9E8933B8-F66E-4667-955E-DB5486534C5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp500_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "6F694EDC-DEF2-47D4-BCF0-32972EF8CEA1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp500:-:*:*:*:*:*:*:*", "matchCriteriaId": "2818E8AC-FFEE-4DF9-BF3F-C75166C0E851", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E1974D6-04C1-4135-812D-6901712940EE", "versionEndExcluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "0E3E890B-8BDE-4C22-BFF7-B87495C71C48", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp700_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "3037AE20-8F8B-4656-9534-6436A8AEA8C9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp700:-:*:*:*:*:*:*:*", "matchCriteriaId": "0B41F437-855B-4490-8011-DF59887BE6D5", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:atp800_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "21C4C98F-B383-4F2F-B84E-3C6DDD8437DB", "versionEndExcluding": "5.37", "versionStartIncluding": "4.32", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "67FA1CEC-DED7-46D4-A4FC-780431B3EE2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:atp800_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "DFD1CE91-B72C-4589-9A5F-F1164C0193AB", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:atp800:-:*:*:*:*:*:*:*", "matchCriteriaId": "66B99746-0589-46E6-9CBD-F38619AD97DC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D66CA5F-C85F-4D69-8F82-BDCF6FCB905C", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "DF266069-4FA5-4343-B62C-0940A0C61566", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "99E0ECA5-7FE6-4E56-A741-E3260C99A43A", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100:-:*:*:*:*:*:*:*", "matchCriteriaId": "2B30A4C0-9928-46AD-9210-C25656FB43FB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CF216E5-870B-4C6E-9CFA-A5FB6F476CB0", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "395E8D72-E9F6-4923-B4DE-875D195B27F7", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100ax_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "FCBEDDCD-A9F6-4E07-ADF8-B1E9C557CDEC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100ax:-:*:*:*:*:*:*:*", "matchCriteriaId": "03036815-04AE-4E39-8310-DA19A32CFA48", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C220BBFF-29A6-483B-9806-6A966625EFEE", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "45EEA203-C4E3-4916-A9E5-15AB994B53FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100h_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "A21576D3-6A3F-451C-9B62-E0B0418D5529", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*", "matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "E5E31FC3-E2EC-4909-BF8D-86775AF4D4B5", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "DC61CF4F-74D5-4C96-8D8A-779436CF344D", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_100w_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "25EB6607-7241-4D01-BC87-3C3E62B27B6B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100w:-:*:*:*:*:*:*:*", "matchCriteriaId": "D74ABA7E-AA78-4A13-A64E-C44021591B42", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6EF9AA9-65D5-4D7B-A2BF-9150C6339282", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "8E4CC2FF-2BB1-43E8-A7AA-56A220705FE8", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_200_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "31206A47-4A01-4FB7-A0AA-E9D22C63941D", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_200:-:*:*:*:*:*:*:*", "matchCriteriaId": "F93B6A06-2951-46D2-A7E1-103D7318D612", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "69B29C9B-DB92-4DBD-9F83-1C9FABAC81B4", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "CBDE985D-B016-4303-8EE6-904C79F8FE82", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_200h_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "0ACD16E9-7EE0-4AD5-9D71-121AFAEF7947", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*", "matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "DCC129C3-AD72-44AE-B89D-5BF40559B9F4", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "9EE95AED-D8FB-44BD-856D-2F7A6DB2AABA", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_200hp_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "D764B87E-8B23-4C33-93BB-59B23CFEADBC", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*", "matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "B221F5CD-C0C6-4917-AC15-FF1BA3904915", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "D9D7FBB8-C983-4EFA-90CB-EC5C6A26D112", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_500_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "5CDA1267-E136-4932-9627-B4D12DB17E27", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_500:-:*:*:*:*:*:*:*", "matchCriteriaId": "92C697A5-D1D3-4FF0-9C43-D27B18181958", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8ACA5C0-F9AC-4986-95CF-74A92DEAF45E", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "1D168F82-50CE-4E25-B1D9-B50F69463F5A", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_500h_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "9A0B9A2C-772B-4669-BC7C-71FA32B1B4EA", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*", "matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0FA43EB7-3F72-4250-BE9A-7449B8AEF90F", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "A1FEDD30-0B80-4F07-8475-156B9FE46883", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_700_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "3953AFFC-18E6-46AA-BC99-EA65726E4D9E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_700:-:*:*:*:*:*:*:*", "matchCriteriaId": "9D1396E3-731B-4D05-A3F8-F3ABB80D5C29", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D051AE62-28E7-4626-B5CB-F4B244260A0E", "versionEndExcluding": "5.37", "versionStartIncluding": "4.50", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "A5A45A9D-D9C7-495D-BD83-EE088746FD36", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_700h_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "606D09B9-0376-4277-9964-F0580D65C3E0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*", "matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "50C93BA9-E4F3-48F3-8D58-92409905AC03", "versionEndExcluding": "5.37", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "5476C178-E553-44FC-854B-5851F0F28469", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_50_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "C2D65155-CDF2-4A99-94CA-D4B61B26D32C", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_50:-:*:*:*:*:*:*:*", "matchCriteriaId": "646C1F07-B553-47B0-953B-DC7DE7FD0F8B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A2842FD-23CC-4E12-AF08-979035695E5F", "versionEndExcluding": "5.37", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "DC8C2C47-FE8E-4496-9648-0B264A9A2EA0", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg_flex_50w_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "EEB68246-FD4B-4FB6-9140-63725EA24660", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_50w:-:*:*:*:*:*:*:*", "matchCriteriaId": "110A1CA4-0170-4834-8281-0A3E14FC5584", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E10984B-2ACA-4B15-AF74-F6E7D467DA8B", "versionEndExcluding": "5.37", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "B0BFA01B-1328-4F96-AE56-D39416A54F0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg20-vpn_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "ABB0C1EC-512C-4A00-84C6-4F93FDD7739F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg20-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "7239C54F-EC9E-44B4-AE33-1D36E5448219", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE25FC75-B93D-4010-A255-2AF732D47674", "versionEndExcluding": "5.37", "versionStartIncluding": "4.16", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:-:*:*:*:*:*:*", "matchCriteriaId": "D8470EFC-2AED-45A3-8F4E-CF8EB8EB43D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:zyxel:usg20w-vpn_firmware:5.37:patch1:*:*:*:*:*:*", "matchCriteriaId": "AFD0A4B7-5A6D-4DAE-9FA4-559F9932A92B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg20w-vpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "06D2AD3A-9197-487D-A267-24DE332CC66B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de cadena de formato en una funci\u00f3n de la funci\u00f3n VPN IPSec en las versiones de firmware de la serie Zyxel ATP de 4.32 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX de 4.50 a 5.37 Parche 1, versiones de firmware de la serie USG FLEX 50(W) de 4.16 a 5.37 El parche 1 y las versiones de firmware de la serie USG20(W)-VPN desde 4.16 hasta 5.37. El parche 1 podr\u00eda permitir a un atacante lograr la ejecuci\u00f3n remota no autorizada de c\u00f3digo enviando una secuencia de payloads especialmente manipulados que contengan un puntero no v\u00e1lido; sin embargo, un ataque de este tipo requerir\u00eda un conocimiento detallado del dise\u00f1o y la configuraci\u00f3n de la memoria del dispositivo afectado."}], "id": "CVE-2023-6764", "lastModified": "2025-01-21T18:35:59.583", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2024-02-20T03:15:07.870", "references": [{"source": "security@zyxel.com.tw", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-134"}], "source": "security@zyxel.com.tw", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-134"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}