CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog.

About CVE-2023-28771

CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS commands remotely by sending crafted IKE (Internet Key Exchange) packets to an affected device.

Fixed by Zyxel in April 2023, it was expected to be quickly exploited by attackers once technical write-ups and PoCs were made public – and so it happened.

“This vulnerability stems from a problematic logging function. Instead of employing a secure file handling mechanism by opening up a file handle and writing data to that handle, Zyxel chose a different approach: They constructed an “echo” command by incorporating user-controlled input data. This echo command is subsequently executed through a system() call, writing the output to a file in /tmp. This implementation introduces an OS command injection vector, as the command construction process can be influenced by user-controllable input, and there is no data sanitization.”

CVE-2023-28771 exploited

Exploitation attempts started around May 25 and are being tracked by various cybersecurity companies and organizations.

Censys pinpointed 21,210 potentially vulnerable devices around the world, but predominantly in Europe (i.e., Italy, France, and Switzerland).

“These devices are deployed in all sorts of residential and business networks, both large and small.”

“While Internet Key Exchange (IKE) is the protocol used to initiate this exploit, it’s not a vulnerability in IKE itself, but it seems to be a result of this rogue debugging function that shouldn’t have made it into a production build of the firmware. But since IKE is the only known protocol where the path to this vulnerability can be triggered, it’s much more likely that only the Zyxel devices that are running IKE are actually vulnerable to this attack,” Censys researchers explained.
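The logging pattern described in the quoted analysis, shown next to the file-handle approach it recommends. This is an added illustration, not Zyxel firmware code; the function names, the log path and the sample input are constructed for the example.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample: log text carrying a shell command substitution. */
static const char SAMPLE_INPUT[] = "peer $(id)";

/* Weak pattern: untrusted text is spliced into a shell command line. */
int build_echo_cmd(char *out, size_t n, const char *path, const char *msg)
{
    int len = snprintf(out, n, "echo \"%s\" >> %s", msg, path);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

int log_weak(const char *path, const char *msg)
{
    char cmd[512];
    if (build_echo_cmd(cmd, sizeof cmd, path, msg) != 0)
        return -1;
    return system(cmd); /* /bin/sh interprets $(...), `...`, ; and | in msg */
}

/* Hardened pattern: write through a file descriptor; msg is only data. */
int log_safe(const char *path, const char *msg)
{
    /* O_NOFOLLOW: refuse a symlink planted at a predictable /tmp name. */
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    char line[512];
    size_t len = strlen(msg);
    if (len >= sizeof line)
        len = sizeof line - 1;
    for (size_t i = 0; i < len; i++) /* neutralise control bytes: no forged lines */
        line[i] = iscntrl((unsigned char)msg[i]) ? '?' : msg[i];
    line[len] = '\n';
    ssize_t w = write(fd, line, len + 1);
    close(fd);
    return (w == (ssize_t)(len + 1)) ? 0 : -1;
}

int main(void)
{   /* Hypothetical log path, used only by this example. */
    return log_safe("/tmp/example_debug.log", SAMPLE_INPUT);
}
```

With `log_safe`, the `$(id)` text lands in the log file as literal characters, whereas the string produced by `build_echo_cmd` hands the same characters to a shell for interpretation.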