Zyxel security advisory for insufficiently protected credentials vulnerability in firewalls

CVE: CVE-2024-9677
Summary

Zyxel has released patches for USG FLEX H series firewalls affected by an insufficiently protected credentials vulnerability. Users are advised to install them for optimal protection.

What is the vulnerability?

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series firewalls could allow an authenticated local attacker to escalate privileges by stealing the authentication token of a logged-in administrator. Note that this attack could be successful only if the administrator has not logged out.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified only one vulnerable series of products within the vulnerability support period and released patches to address the vulnerability, as shown in the table below.

Firewall series   Affected version         Patch availability
USG FLEX H        uOS V1.21 and earlier    uOS V1.30

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Acknowledgment

Thanks to Alessandro Sgreccia from HackerHood for reporting the issue to us.

Revision history

2024-10-22: Initial release.