FKIE_CVE-2023-28768
Vulnerability from fkie_nvd - Published: 2023-08-14 17:15 - Updated: 2024-11-21 07:55
Summary
Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| zyxel | xgs2220-30_firmware | 4.80\(abxn.1\) |
| zyxel | xgs2220-30 | - |
| zyxel | xgs2220-30f_firmware | 4.80\(abye.1\) |
| zyxel | xgs2220-30f | - |
| zyxel | xgs2220-30hp_firmware | 4.80\(abxo.1\) |
| zyxel | xgs2220-30hp | - |
| zyxel | xgs2220-54_firmware | 4.80\(abxp.1\) |
| zyxel | xgs2220-54 | - |
| zyxel | xgs2220-54fp_firmware | 4.80\(acce.1\) |
| zyxel | xgs2220-54fp | - |
| zyxel | xgs2220-54hp_firmware | 4.80\(abxq.1\) |
| zyxel | xgs2220-54hp | - |
| zyxel | xmg1930-30_firmware | 4.80\(acar.1\) |
| zyxel | xmg1930-30 | - |
| zyxel | xmg1930-30hp_firmware | 4.80\(acas.1\) |
| zyxel | xmg1930-30hp | - |
| zyxel | xs1930-10_firmware | 4.80\(abqe.1\) |
| zyxel | xs1930-10 | - |
| zyxel | xs1930-12f_firmware | 4.80\(abzv.1\) |
| zyxel | xs1930-12f | - |
| zyxel | xs1930-12hp_firmware | 4.80\(abqf.1\) |
| zyxel | xs1930-12hp | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs2220-30_firmware:4.80\\(abxn.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "A2EEDB89-057E-4FA4-99BF-4A85C63B05B3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs2220-30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4F2BEA8-4817-4E14-B5B1-901671AD5E67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs2220-30f_firmware:4.80\\(abye.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AEE3D04C-A256-43D8-B1CB-5D2F8308F48D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs2220-30f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7A53E4C3-77BD-4646-8B78-9E3A77585779",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs2220-30hp_firmware:4.80\\(abxo.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "318E9F6B-2D24-4FAD-86D6-CEEF5B69A606",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs2220-30hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7ACCEDBD-3152-4549-9F80-C12715A51BE3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs2220-54_firmware:4.80\\(abxp.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "827B19A6-3006-46EF-8A5A-C5800428A0A9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs2220-54:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51B14340-165C-407D-B609-B17C44A90D4F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs2220-54fp_firmware:4.80\\(acce.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "145E79B5-559E-4701-8232-E37665646947",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs2220-54fp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7E578CCE-7347-4A9D-A8F2-ADEF6B37BDA2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xgs2220-54hp_firmware:4.80\\(abxq.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "3F704060-74A6-4E63-B15F-D93D4B5ECC88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xgs2220-54hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AF030C04-7B74-4B23-8CE9-2D78403B188E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg1930-30_firmware:4.80\\(acar.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E53CFC62-7077-41D2-8749-CDCCE9E021D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg1930-30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58D71444-A727-4B2A-AB17-3BC790829072",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xmg1930-30hp_firmware:4.80\\(acas.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "65963F09-74C2-4EA3-8DC8-D8C4EEC36538",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xmg1930-30hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42C2DF2C-0060-45A3-99A3-0B5A37CCC241",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xs1930-10_firmware:4.80\\(abqe.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "D037CF12-2F62-46AE-AEC0-8BFD94FBEAD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xs1930-10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F675B520-4F05-41D6-ADDF-C26A9C427A55",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xs1930-12f_firmware:4.80\\(abzv.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "AD3211B9-2B47-4328-AA29-E366A6D238DF",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xs1930-12f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB74204B-D5FB-44C6-A59C-8133ECE9CD75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:zyxel:xs1930-12hp_firmware:4.80\\(abqf.1\\):*:*:*:*:*:*:*",
"matchCriteriaId": "E3E7BBA5-A534-45DE-A5C0-10EFEE929635",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:zyxel:xs1930-12hp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E2171AB-AE63-45F6-9B22-2F93C105B18D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version\u00a0V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch."
},
{
"lang": "es",
"value": "El manejo inadecuado de tramas en el firmware Zyxel XGS2220-30 versi\u00f3n V4.80(ABXN.1), firmware XMG1930-30 versi\u00f3n V4.80(ACAR.1), y firmware XS1930-10 versi\u00f3n V4.80(ABQE.1) podr\u00eda permitir a un atacante no autenticado basado en LAN provocar condiciones de denegaci\u00f3n de servicio (DoS) enviando tramas manipuladas a un conmutador afectado."
}
],
"id": "CVE-2023-28768",
"lastModified": "2024-11-21T07:55:58.267",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@zyxel.com.tw",
"type": "Secondary"
}
]
},
"published": "2023-08-14T17:15:10.157",
"references": [
{
"source": "security@zyxel.com.tw",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches"
}
],
"sourceIdentifier": "security@zyxel.com.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "security@zyxel.com.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.