CVE-2023-22917 — HIGH (7.5)

Q: How severe is CVE-2023-22917?

CVE-2023-22917 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-22917?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 100W, Zyxel Usg Flex 200 Firmware.

Vulnerability Description

A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Zyxel	Usg Flex 100 Firmware	>= 5.00, <= 5.32
Zyxel	Usg Flex 100	-
Zyxel	Usg Flex 100W Firmware	>= 5.00, <= 5.32
Zyxel	Usg Flex 100W	-
Zyxel	Usg Flex 200 Firmware	>= 5.00, <= 5.32
Zyxel	Usg Flex 200	-
Zyxel	Usg Flex 50 Firmware	>= 5.00, <= 5.32
Zyxel	Usg Flex 50	-
Zyxel	Usg Flex 50W Firmware	>= 5.10, <= 5.32
Zyxel	Usg Flex 50W	-
Zyxel	Usg Flex 500 Firmware	>= 5.00, <= 5.32
Zyxel	Usg Flex 500	-
Zyxel	Usg Flex 700 Firmware	>= 5.00, <= 5.32
Zyxel	Usg Flex 700	-
Zyxel	Vpn100 Firmware	>= 5.00, <= 5.35
Zyxel	Vpn100	-
Zyxel	Vpn1000 Firmware	>= 5.00, <= 5.35
Zyxel	Vpn1000	-
Zyxel	Vpn300 Firmware	>= 5.00, <= 5.35
Zyxel	Vpn300	-

Related Weaknesses (CWE)

CWE-120

References

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisVendor Advisory

FAQ

What is CVE-2023-22917?

CVE-2023-22917 is a vulnerability with a CVSS score of 7.5 (HIGH). A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware ve...

How severe is CVE-2023-22917?

CVE-2023-22917 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-22917?

Check the references section above for vendor advisories and patch information. Affected products include: Zyxel Usg Flex 100 Firmware, Zyxel Usg Flex 100, Zyxel Usg Flex 100W Firmware, Zyxel Usg Flex 100W, Zyxel Usg Flex 200 Firmware.