CVE-2024-9677

The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:zyxel:usg_flex_100h:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_200h:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_200hp:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_500h:-:::::::*
	cpe:2.3:h:zyxel:usg_flex_700h:-:::::::*

History

05 Dec 2024, 22:11

Type	Values Removed	Values Added
CPE		cpe:2.3:h:zyxel:usg_flex_100h:-:::::::* cpe:2.3:h:zyxel:usg_flex_700h:-:::::::* cpe:2.3:h:zyxel:usg_flex_500h:-:::::::* cpe:2.3:h:zyxel:usg_flex_200hp:-:::::::* cpe:2.3:o:zyxel:uos:::::::: cpe:2.3:h:zyxel:usg_flex_200h:-:::::::*
First Time		Zyxel usg Flex 500h Zyxel usg Flex 200h Zyxel Zyxel usg Flex 100h Zyxel uos Zyxel usg Flex 200hp Zyxel usg Flex 700h
References	~~() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024 -~~	() https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024 - Vendor Advisory

Information

Published : 2024-10-22 02:15

Updated : 2024-12-05 22:11

NVD link : CVE-2024-9677

Mitre link : CVE-2024-9677

CVE.ORG link : CVE-2024-9677

JSON object : View

Products Affected

zyxel

usg_flex_100h
uos
usg_flex_200h
usg_flex_500h
usg_flex_700h
usg_flex_200hp

CWE

CWE-522

Insufficiently Protected Credentials

{"id": "CVE-2024-9677", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@zyxel.com.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2024-10-22T02:15:04.380", "references": [{"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-insufficiently-protected-credentials-vulnerability-in-firewalls-10-22-2024", "tags": ["Vendor Advisory"], "source": "security@zyxel.com.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@zyxel.com.tw", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "The insufficiently protected credentials vulnerability in the CLI command of the USG FLEX H series uOS firmware version V1.21 and earlier versions\u00a0could allow an authenticated local attacker to gain privilege escalation by stealing the authentication token of a login administrator. Note that this attack could be successful only if the administrator has not logged out."}, {"lang": "es", "value": "La vulnerabilidad de credenciales insuficientemente protegidas en el comando CLI de la versi\u00f3n de firmware uOS V1.21 y versiones anteriores de la serie USG FLEX H podr\u00eda permitir que un atacante local autenticado obtenga una escalada de privilegios al robar el token de autenticaci\u00f3n de un administrador que inici\u00f3 sesi\u00f3n. Tenga en cuenta que este ataque podr\u00eda tener \u00e9xito solo si el administrador no ha cerrado sesi\u00f3n."}], "lastModified": "2024-12-05T22:11:15.217", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:uos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B53BCCF3-FFFC-4E52-997E-36A632C81F00", "versionEndExcluding": "1.30"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:usg_flex_100h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "ED28D5ED-B21A-4CD6-947E-9C21EA801B7D"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "09D15ECD-4942-407A-A62E-9785568C6B78"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_200hp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FD7E9028-1ECB-4D88-84D8-CFC589B429AE"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_500h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE57BCA4-8631-460A-BFE3-BB765E5D009F"}, {"criteria": "cpe:2.3:h:zyxel:usg_flex_700h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8832743A-99FA-417E-BCE1-4BF7D4CEF9BE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "security@zyxel.com.tw"}