From f65494d37bdbf6d1ca777aa6826dc99f807e484f Mon Sep 17 00:00:00 2001 From: Zyxel PSIRT <86775651+zyxel-psirt@users.noreply.github.com> Date: Tue, 25 Apr 2023 00:48:50 +0800 Subject: [PATCH] Update CVE-2023-22917.json --- 2023/22xxx/CVE-2023-22917.json | 100 +++++++++++++++++++++++++++++++-- 1 file changed, 95 insertions(+), 5 deletions(-) diff --git a/2023/22xxx/CVE-2023-22917.json b/2023/22xxx/CVE-2023-22917.json index 3ddd6f035ab..6b5d7e7de8f 100644 --- a/2023/22xxx/CVE-2023-22917.json +++ b/2023/22xxx/CVE-2023-22917.json @@ -3,16 +3,106 @@ "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { - "ID": "CVE-2023-22917", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "PSIRT@zyxel.com.tw", + "ID": "CVE-2023-22917" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "Zyxel", + "product": { + "product_data": [ + { + "product_name": "ATP series firmware", + "version": { + "version_data": [ + { + "version_value": "5.10 through 5.32" + } + ] + } + }, + { + "product_name": "USG FLEX series firmware", + "version": { + "version_data": [ + { + "version_value": "5.00 through 5.32" + } + ] + } + }, + { + "product_name": "USG FLEX 50(W) firmware", + "version": { + "version_data": [ + { + "version_value": "5.10 through 5.32" + } + ] + } + }, + { + "product_name": "USG20(W)-VPN firmware", + "version": { + "version_data": [ + { + "version_value": "5.10 through 5.32" + } + ] + } + }, + { + "product_name": "VPN series firmware", + "version": { + "version_data": [ + { + "version_value": "5.00 through 5.35" + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "CONFIRM", + "name": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps", + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-of-firewalls-and-aps" + } + ] + }, + "impact": { + "cvss": { + "baseScore": "7.5", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + } }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file." } ] } -} \ No newline at end of file +}