← back
CVE-2023-5797

CVE-2023-5797

CVSS 5.5 MEDIUMEPSS 0.2%CWE-269
An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, VPN series firmware versions 4.30 through 5.37, NWA50AX firmware version 6.29(ABYW.2), WAC500 firmware version 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware version 6.65(ACGG.1), could allow an authenticated local attacker to access the administrator’s logs on an affected device.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected products
Zyxel · ATP series firmwareZyxel · NWA50AX firmwareZyxel · USG20(W)-VPN series firmwareZyxel · USG FLEX 50(W) series firmwareZyxel · USG FLEX series firmwareZyxel · VPN series firmwareZyxel · WAC500 firmwareZyxel · WAX300H firmwareZyxel · WBE660S firmware

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps