From 313ccc0175230f349661b12b660e355863d8463d Mon Sep 17 00:00:00 2001 From: Zyxel PSIRT <86775651+zyxel-psirt@users.noreply.github.com> Date: Tue, 19 Jul 2022 13:42:09 +0800 Subject: [PATCH] Update CVE-2022-30526.json --- 2022/30xxx/CVE-2022-30526.json | 19 +------------------ 1 file changed, 1 insertion(+), 18 deletions(-) diff --git a/2022/30xxx/CVE-2022-30526.json b/2022/30xxx/CVE-2022-30526.json index d309cda9683..5215d56d370 100644 --- a/2022/30xxx/CVE-2022-30526.json +++ b/2022/30xxx/CVE-2022-30526.json @@ -1,18 +1 @@ -{ - "data_type": "CVE", - "data_format": "MITRE", - "data_version": "4.0", - "CVE_data_meta": { - "ID": "CVE-2022-30526", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" - }, - "description": { - "description_data": [ - { - "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." - } - ] - } -} \ No newline at end of file +{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"PSIRT@zyxel.com.tw","ID":"CVE-2022-30526"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Zyxel","product":{"product_data":[{"product_name":"USG FLEX 100(W) firmware","version":{"version_data":[{"version_value":"4.50 through 5.30"}]}},{"product_name":"USG FLEX 200 firmware","version":{"version_data":[{"version_value":"4.50 through 5.30"}]}},{"product_name":"USG FLEX 500 firmware","version":{"version_data":[{"version_value":"4.50 through 5.30"}]}},{"product_name":"USG FLEX 700 firmware","version":{"version_data":[{"version_value":"4.50 through 5.30"}]}},{"product_name":"ATP series firmware","version":{"version_data":[{"version_value":"4.32 through 5.30"}]}},{"product_name":"VPN series firmware","version":{"version_data":[{"version_value":"4.30 through 5.30"}]}},{"product_name":"USG FLEX 50(W) firmware","version":{"version_data":[{"version_value":"4.16 through 5.30"}]}},{"product_name":"USG 20(W)-VPN firmware","version":{"version_data":[{"version_value":"4.16 through 5.30"}]}},{"product_name":"USG/ZyWALL series firmware","version":{"version_data":[{"version_value":"4.09 through 4.72"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-269: Improper Privilege Management"}]}]},"references":{"reference_data":[{"refsource":"CONFIRM","name":"https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml","url":"https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml"}]},"impact":{"cvss":{"baseScore":"7.8","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"}},"description":{"description_data":[{"lang":"eng","value":"A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device."}]}}