Zyxel Firewall Directory Traversal Vulnerability Exploited in Ransomware Attack (CVE-2024-11667)

Zyxel firewalls are affected by a critical vulnerability that is being exploited in recent cyberattacks. Tracked as CVE-2024-11667, the flaw has been used to deploy the Helldown ransomware. The German CERT (CERT-Bund) has published details of these attacks, their severity, and the immediate steps organizations must take to protect their network devices.

CVE-2024-11667 is a directory traversal vulnerability in the web management interface of Zyxel ZLD firewall firmware. Successful exploitation may allow an attacker to download or upload files via a crafted URL. With that primitive, an attacker may gain unauthorized access to the device, steal credentials, and create backdoor VPN connections.
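The traversal primitive described above is generic: a crafted URL carries `..` segments, often percent-encoded or double-encoded, that climb out of the directory the handler intended to serve from. The following added example (written for this page; it is not code from Qualys, Zyxel or CERT-Bund) shows how a responder would sweep web-server access logs for such requests, decoding repeatedly before looking for an escape. The log format, the log lines and the request paths are constructed for illustration; they are not Zyxel's log format and do not reproduce the actual CVE-2024-11667 request.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines in a generic combined-log shape. They are NOT
# Zyxel log output, and the paths are NOT the real CVE-2024-11667 request.
SAMPLE_LOG = """\
10.0.0.5 - - [27/Nov/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [27/Nov/2024:10:01:09 +0000] "GET /cgi-bin/export?file=../../../etc/passwd HTTP/1.1" 200 1843
203.0.113.7 - - [27/Nov/2024:10:01:15 +0000] "GET /cgi-bin/export?file=%2e%2e%2f%2e%2e%2fetc%2fshadow HTTP/1.1" 200 960
203.0.113.7 - - [27/Nov/2024:10:01:21 +0000] "GET /cgi-bin/export?file=..%252f..%252fconfig HTTP/1.1" 404 0
10.0.0.9 - - [27/Nov/2024:10:02:00 +0000] "POST /cgi-bin/upload?dest=../../tmp/x HTTP/1.1" 200 12
10.0.0.5 - - [27/Nov/2024:10:02:30 +0000] "GET /docs/../images/logo.png HTTP/1.1" 200 4096
"""

# Assumed log layout: client, ident, user, [timestamp], "METHOD PATH PROTO", status, bytes.
_LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def canonicalise(path: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding such as %252f)
    and fold backslashes to '/' so '..\\' is treated like '../'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")


def escapes_base(component: str) -> bool:
    """Walk one path-like component segment by segment; True if a '..' ever
    climbs above the component's own starting directory (depth below zero).
    '/docs/../images' stays at or above depth 0 and is not flagged."""
    depth = 0
    for seg in component.split("/"):
        if seg == "..":
            depth -= 1
            if depth < 0:
                return True
        elif seg not in ("", "."):
            depth += 1
    return False


def has_traversal(raw_path: str) -> bool:
    """Check the URL path and every query-string value independently."""
    canon = canonicalise(raw_path)
    path, _, query = canon.partition("?")
    components = [path]
    components += [kv.partition("=")[2] for kv in query.split("&") if kv]
    return any(escapes_base(c) for c in components)


def scan(log_text: str):
    """Return (src, method, path, status) for each request carrying a traversal.
    The status is reported but not used for detection: a 404 is still an attempt,
    and a 200 with a non-trivial byte count is the one to escalate."""
    hits = []
    for line in log_text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue
        if has_traversal(m["path"]):
            hits.append((m["src"], m["method"], m["path"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for src, method, path, status in scan(SAMPLE_LOG):
        print(f"{src:14} {method:4} {status} {path}")
```

Running the block flags the four requests whose `file=` or `dest=` values climb out of their base directory, including the single- and double-encoded variants, while the `/docs/../images/logo.png` request, which never leaves the web root, is left alone. Repeated sources like 203.0.113.7 here are what a responder would pivot on before checking the device for new VPN or user accounts.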

CISA has added CVE-2024-11667 to its Known Exploited Vulnerabilities (KEV) Catalog, confirming active exploitation, and set a remediation due date of December 24, 2024.

A Zyxel firewall is a network security device that protects networks from unauthorized access by filtering incoming and outgoing traffic. The product line includes features such as application control, content filtering, and advanced threat prevention, and is aimed primarily at small and medium-sized businesses (SMBs) and home users.

Affected Versions

The vulnerability affects Zyxel ATP and USG FLEX series firewalls running ZLD firmware versions 5.00 through 5.38 with remote management or SSL VPN enabled.

Note: Devices operating in Nebula cloud management mode are not affected.

Mitigation

Customers must upgrade to ZLD firmware version 5.39 or later to patch the vulnerability. Because exploitation can expose credentials and leave backdoor VPN connections behind, upgrading alone does not undo a compromise that has already taken place: Zyxel's support article (linked in the references) also recommends changing all credentials on the device after upgrading, and administrators should review user and VPN accounts for entries they did not create.
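The Affected Versions, Note and Mitigation sections above amount to a small decision rule. The following added example (written for this page; not Qualys or Zyxel code) encodes that rule as an inventory triage script: a device is vulnerable if it runs ZLD 5.00 through 5.38, has remote management or SSL VPN enabled, and is not in Nebula mode; anything on 5.39 or later is patched. The inventory records and firmware strings are constructed, and the version parser assumes strings begin with an optional `V` and a `major.minor` number with any trailing build suffix ignored, which is an assumption for illustration rather than a documented Zyxel format.

```python
import re
from dataclasses import dataclass

# Criteria taken from the advisory text: ZLD 5.00 through 5.38 on ATP / USG FLEX
# devices with remote management or SSL VPN enabled, not in Nebula mode.
# First fixed release: 5.39.
AFFECTED_MIN = (5, 0)
AFFECTED_MAX = (5, 38)
FIXED_VERSION = (5, 39)

# Assumption (not from the advisory): versions look like '5.38' or 'V5.39',
# possibly followed by a build suffix that the advisory does not distinguish.
_VERSION_RE = re.compile(r"^V?(\d+)\.(\d+)")


def parse_zld_version(version: str) -> tuple[int, int]:
    """Return (major, minor) from a firmware version string."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised firmware version: {version!r}")
    return int(m.group(1)), int(m.group(2))


@dataclass
class Firewall:
    hostname: str
    model: str            # constructed model names, e.g. "ATP200", "USG FLEX 100"
    firmware: str
    remote_mgmt: bool     # web management interface reachable remotely
    ssl_vpn: bool
    nebula_mode: bool


def assess(fw: Firewall) -> str:
    """Classify one device against the advisory's criteria."""
    if fw.nebula_mode:
        return "nebula"            # advisory: Nebula-managed devices are not affected
    version = parse_zld_version(fw.firmware)
    if version >= FIXED_VERSION:
        return "patched"
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "unknown"           # outside the advisory's stated range; review separately
    if fw.remote_mgmt or fw.ssl_vpn:
        return "vulnerable"
    return "not exposed"           # in range but neither attack surface enabled; still upgrade


def triage(devices) -> dict[str, str]:
    """Map hostname -> assessment for a whole inventory."""
    return {d.hostname: assess(d) for d in devices}


# Constructed sample inventory, not real devices.
INVENTORY = [
    Firewall("fw-branch-1", "USG FLEX 100", "V5.37", remote_mgmt=True,  ssl_vpn=False, nebula_mode=False),
    Firewall("fw-branch-2", "ATP200",       "5.38",  remote_mgmt=False, ssl_vpn=True,  nebula_mode=False),
    Firewall("fw-hq",       "ATP500",       "V5.39", remote_mgmt=True,  ssl_vpn=True,  nebula_mode=False),
    Firewall("fw-lab",      "USG FLEX 200", "5.20",  remote_mgmt=False, ssl_vpn=False, nebula_mode=False),
    Firewall("fw-cloud",    "USG FLEX 100", "5.38",  remote_mgmt=True,  ssl_vpn=True,  nebula_mode=True),
]

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host:12} {status}")
```

The "not exposed" and "unknown" buckets are deliberately kept separate from "patched": a device in the affected range with both services disabled today is one configuration change away from being exploitable, so it belongs in the upgrade queue rather than the closed list.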

For more information, please refer to the official Zyxel Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QID 731964 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024
https://support.zyxel.eu/hc/en-us/articles/21878875707410-Zyxel-USG-FLEX-and-ATP-series-Upgrading-your-device-and-ALL-credentials-to-avoid-hackers-attacks#h_01J9RQNR0WMDY6W4B00BN32VSC
