Actively exploited vulnerability

CVE-2023-28771: Zyxel Multiple Firewalls OS Command Injection Vulnerability

Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

CISA KEV source 31 May 2023 added 21 Jun 2023 remediation due

Affected product

Zyxel ยท Multiple Firewalls

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply updates per vendor instructions.

Related Yasna coverage

Recent reporting that mentions CVE-2023-28771.