Zyxel Releases Advisory for Exploited Vulnerability CVE-2024-11667
Summary
A high severity vulnerability could allow an attacker to upload and download files
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2024-11667
Zyxel states that CVE-2024-11667 is under exploitation.
SSLVPN and firewall appliances are internet-facing by design and frequent targets for cyber threat groups. Vulnerabilities in SSLVPN and firewall appliances are often exploited soon after official disclosure, and broader exploitation is expected.
Introduction
Zyxel has released a security advisory addressing recent targeting of its firewall products. Attackers have been observed exploiting vulnerabilities patched in September (see Cyber Alert CC-4541) and a previously undisclosed high severity vulnerability.
CVE-2024-11667 is a path traversal vulnerability and has a CVSSv3 score of 7.5. If exploited, an attacker could download or upload files via a specially crafted URL. The vulnerability is in the ZLD firewall firmware, which is present on several product lines.
The vulnerability was patched in the latest ZLD firewall firmware version 5.39. A device that has been updated to the latest version since September 2024 should not be vulnerable.
Remediation advice
Affected organisations are encouraged to review Zyxel's security advisories and apply the relevant updates. If an update cannot be applied, affected organisations are encouraged to disable remote access where possible and review Zyxel's guidance on 'Best Practices to Secure a Distributed Network Infrastructure'.
Definitive source of threat updates
Last edited: 2 December 2024 4:14 pm