ZyWALL/USG devices are vulnerable to Bleichenbacher’s attacks on their IKEv1 implementation. Users are advised to upgrade to the latest available firmware for optimal protection.
What’s the vulnerability?
ZyWALL/USG devices have a security vulnerability in the Internet Key Exchange (IKE) handshake implementation used for their IPsec-based VPN connections. Attackers might be able to use this vulnerability to retrieve IKEv1 session keys and decrypt connections by using a chosen-ciphertext attack called Bleichenbacher's attack.
What products are vulnerable?
ZyWALL/USG series products
What should you do?
We strongly recommend that users of vulnerable products download the latest firmware for optimal network protection.
|Product series||Firmware patch|
|USG 20(W)-VPN/40(W)/60(W)/110/210/2200-VPN||ZLD4.32 available on https://portal.myzyxel.com/*|
|ZyWALL 110||ZLD4.32 available on https://portal.myzyxel.com/*|
|USG 310/1100/1900||Provided on demand. Contact your local support.|
|ZyWALL 310/1100||Provided on demand. Contact your local support.|
|ZyWALL VPN 50/100/300||ZLD4.31 patch 2 available on https://portal.myzyxel.com/*|
*Upon log-in, click “device management” and “firmware download” on the left-side menu and select your model from the dropdown menu.
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact firstname.lastname@example.org and we’ll get right back to you.
Thanks to Dennis Felsch and Martin Grothe at Ruhr-University Bochum, Germany, for reporting this vulnerability to us.
Initial release 2018-08-13