CVE-2023-6397

{"id": "CVE-2023-6397", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-02-20T02:15:48.793", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024", "source": "security@zyxel.com.tw"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\n\n\n\n\n\n\n\nA null pointer dereference vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1 and USG FLEX series firmware versions from 4.50 through 5.37 Patch 1 could allow a LAN-based attacker to cause denial-of-service (DoS) conditions by downloading a crafted RAR compressed file onto a LAN-side host if the firewall has the \u201cAnti-Malware\u201d feature enabled.\n\n\n\n"}, {"lang": "es", "value": "Una vulnerabilidad de desreferencia de puntero nulo en las versiones de firmware de la serie Zyxel ATP desde 4.32 hasta 5.37 parche 1 y en las versiones de firmware de la serie USG FLEX desde 4.50 hasta 5.37 parche 1 podr\u00eda permitir que un atacante basado en LAN provoque condiciones de denegaci\u00f3n de servicio (DoS) descargando un archivo comprimido RAR creado en un host del lado LAN si el firewall tiene habilitada la funci\u00f3n \u201cAnti-Malware\u201d."}], "lastModified": "2024-02-20T19:50:53.960", "sourceIdentifier": "security@zyxel.com.tw"}