Vulnerability Description
An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
CVSS Score
6.2 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zyxel | GS1200-5 Firmware | < 2.00(abkm.1) |
| Zyxel | GS1200-5 | - |
| Zyxel | GS1200-5HP Firmware | < 2.00(abkn.1) |
| Zyxel | GS1200-5HP | - |
| Zyxel | GS1200-8 Firmware | < 2.00(abme.1) |
| Zyxel | GS1200-8 | - |
| Zyxel | GS1200-8HP Firmware | < 2.00(abmf.1) |
| Zyxel | GS1200-8HP | - |
References
- https://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vuln (Patch, Vendor Advisory)
FAQ
What is CVE-2022-0823?
CVE-2022-0823 is a vulnerability with a CVSS score of 6.2 (MEDIUM). An improper control of interaction frequency vulnerability in Zyxel GS1200 series switches could allow a local attacker to guess the password by using a timing side-channel attack.
How severe is CVE-2022-0823?
CVE-2022-0823 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-0823?
Check the references section above for vendor advisories and patch information. Affected products include: Zyxel GS1200-5 Firmware, Zyxel GS1200-5, Zyxel GS1200-5HP Firmware, Zyxel GS1200-5HP, Zyxel GS1200-8 Firmware.