admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-merge PR#8978

Browse Source 
Auto-merge PR#8978
This commit is contained in:
CVE Team 2023-04-24 13:05:15 -04:00 committed by GitHub
commit 86b57bdb9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 125 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2023/22xxx/CVE-2023-22918.json
View File

@ -3,16 +3,136 @@
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2023-22918",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "PSIRT@zyxel.com.tw",
"ID": "CVE-2023-22918"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Zyxel",
"product": {
"product_data": [
{
"product_name": "ATP series firmware",
"version": {
"version_data": [
{
"version_value": "4.32 through 5.35"
}
]
}
},
{
"product_name": "USG FLEX series firmware",
"version": {
"version_data": [
{
"version_value": "4.50 through 5.35"
}
]
}
},
{
"product_name": "USG FLEX 50(W) firmware",
"version": {
"version_data": [
{
"version_value": "4.16 through 5.35"
}
]
}
},
{
"product_name": "USG20(W)-VPN firmware",
"version": {
"version_data": [
{
"version_value": "4.16 through 5.35"
}
]
}
},
{
"product_name": "VPN series firmware",
"version": {
"version_data": [
{
"version_value": "4.30 through 5.35"
}
]
}
},
{
"product_name": "NWA110AX firmware",
"version": {
"version_data": [
{
"version_value": "<= 6.50(ABTG.2)"
}
]
}
},
{
"product_name": "WAC500 firmware",
"version": {
"version_data": [
{
"version_value": "<= 6.50(ABVS.0)"
}
]
}
},
{
"product_name": "WAX510D firmware",
"version": {
"version_data": [
{
"version_value": "<= 6.50(ABTF.2)"
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps"
}
]
},
"impact": {
"cvss": {
"baseScore": "6.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device."
}
]
}
}
}