Endpoint/Device Security, Security Architecture, Risk Assessments/Management, Breach

Zyxel firewall, VPN device vulnerabilities addressed

The Hacker News reports that Zyxel has released fixes for a critical security flaw impacting its USG/ZyWALL, USG FLEX, ATP, VPN, and NSG offerings. The vulnerability, tracked as CVE-2022-0342, is "an authentication bypass vulnerability caused by the lack of a proper access control mechanism has been found in the CGI program of some firewall versions," according to Zyxel, which added that exploitation of the bug could help attackers evade authentication and secure administrative access. Users of the impacted devices have been urged to immediately apply the patches even though it has yet to be exploited in the wild. Zyxel's security patches come after fixes from Sophos and SonicWall to address critical bugs on firewall appliances to facilitate arbitrary code execution. The Cybersecurity and Infrastructure Security Agency has already added the Sophos flaw, tracked as CVE-2022-1040, as well as a high-severity Trend Micro vulnerability, tracked as CVE-2022-26871, to its list of known exploited vulnerabilities.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.