Zyxel firewalls are affected by a critical vulnerability that is being used in recent cyberattacks. Tracked as CVE-2024-11667, the flaw is being exploited to deploy the dangerous Helldown ransomware. The German CERT (CERT-Bund) has published details describing the severity of these attacks and the immediate steps organizations must take to protect their network devices.
CVE-2024-11667 is a directory traversal vulnerability in the web management interface of Zyxel ZLD firewall firmware. Successful exploitation of the vulnerability may allow an attacker to download or upload files via a crafted URL. An attacker may gain unauthorized access to the system, steal credentials, and create backdoor VPN connections by exploiting the vulnerability.
CISA added CVE-2024-11667 to its Known Exploited Vulnerabilities (KEV) Catalog, acknowledging its active exploitation. CISA urged users to patch the vulnerability before December 24, 2024.
A Zyxel firewall is a network security device that protects computer networks from unauthorized access by filtering incoming and outgoing traffic. The tool includes features such as application control, content filtering, and advanced threat prevention, primarily targeted towards small to medium-sized businesses (SMBs) and home users.
Affected Versions
The vulnerability affects Zyxel ATP and USG Flex Firewall firmware versions 5.00 through 5.38 with remote management or SSL VPN enabled.
Note: The vulnerability does not affect devices utilizing Nebula cloud management mode.
Mitigation
Customers must upgrade to the Zyxel ZLD firmware version 5.39 or later to patch the vulnerability.
For more information, please refer to the official Zyxel Security Advisory.
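The following is an added triage example, not code from Qualys or Zyxel: it encodes the affected range (5.00 through 5.38), the exposure conditions (remote management or SSL VPN enabled) and the Nebula exception from this advisory into a check that can be run over a firmware inventory export. It assumes Zyxel's "V5.38(ABPS.0)"-style version labels and uses a constructed inventory; only the major.minor part of the version is compared.

```python
import re
from dataclasses import dataclass

# From the advisory text above: ZLD 5.00 through 5.38 is affected when remote
# management or SSL VPN is enabled; 5.39 fixes it; Nebula cloud mode is not affected.
AFFECTED_MIN, AFFECTED_MAX, FIXED = (5, 0), (5, 38), (5, 39)

# Assumption: Zyxel labels ZLD builds like "V5.38(ABPS.0)"; only major.minor matters here.
_VER_RE = re.compile(r"^V?(\d+)\.(\d+)")

@dataclass
class Device:
    name: str
    firmware: str      # e.g. "V5.37(ABPS.2)" or plain "5.38"
    remote_mgmt: bool  # web management reachable from the WAN
    ssl_vpn: bool      # SSL VPN service enabled
    nebula_mode: bool  # managed through Nebula cloud

def parse_zld_version(text: str) -> tuple[int, int]:
    """Return (major, minor) from a ZLD version string; raise on junk input."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ZLD version string: {text!r}")
    return int(m.group(1)), int(m.group(2))

def assess(dev: Device) -> str:
    """Classify one device against the CVE-2024-11667 advisory conditions."""
    ver = parse_zld_version(dev.firmware)
    if dev.nebula_mode:
        return "not-affected: Nebula cloud management mode"
    if ver >= FIXED:
        return "patched"
    if not (AFFECTED_MIN <= ver <= AFFECTED_MAX):
        return "outside advisory range: check vendor guidance"
    if dev.remote_mgmt or dev.ssl_vpn:
        return "VULNERABLE: upgrade to ZLD 5.39 or later now"
    return "affected firmware, no exposed service: schedule upgrade"

def triage(devices: list[Device]) -> list[str]:
    # Names of devices that need an immediate upgrade, per assess().
    return [d.name for d in devices if assess(d).startswith("VULNERABLE")]

# Constructed sample inventory (not real devices).
INVENTORY = [
    Device("fw-branch-1", "V5.37(ABPS.2)", True, False, False),
    Device("fw-hq", "V5.39(ABPS.0)", True, True, False),
    Device("fw-lab", "5.38", False, True, True),
    Device("fw-dmz", "V5.38(ABUJ.0)", False, False, False),
]

print(triage(INVENTORY))  # prints ['fw-branch-1']
```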
Qualys Detection
Qualys customers can scan their devices with QID 731964 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
https://support.zyxel.eu/hc/en-us/articles/21878875707410-Zyxel-USG-FLEX-and-ATP-series-Upgrading-your-device-and-ALL-credentials-to-avoid-hackers-attacks#h_01J9RQNR0WMDY6W4B00BN32VSC