THREATINT
PUBLISHED

CVE-2023-4398



Description

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30 through 5.37, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

Reserved 2023-08-17 | Published 2023-11-28 | Updated 2024-10-17 | Assigner Zyxel


HIGH: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Problem types

CWE-190 Integer Overflow or Wraparound

Product status

ATP series firmware
Default status: unaffected
versions 4.32 through 5.37: affected

USG FLEX series firmware
Default status: unaffected
versions 4.50 through 5.37: affected

USG FLEX 50(W) series firmware
Default status: unaffected
versions 4.16 through 5.37: affected

USG20(W)-VPN series firmware
Default status: unaffected
versions 4.16 through 5.37: affected

VPN series firmware
Default status: unaffected
versions 4.30 through 5.37: affected

References

www.zyxel.com/...ltiple-vulnerabilities-in-firewalls-and-aps vendor-advisory

cve.org (CVE-2023-4398)

nvd.nist.gov (CVE-2023-4398)
