CVE-2023-28768

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

14/08/2023

Last modified:

21/08/2023

Description

Improper frame handling in the Zyxel XGS2220-30 firmware version V4.80(ABXN.1), XMG1930-30 firmware version V4.80(ACAR.1), and XS1930-10 firmware version V4.80(ABQE.1) could allow an unauthenticated LAN-based attacker to cause denial-of-service (DoS) conditions by sending crafted frames to an affected switch.

Impact

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS v3.1 Severity and Metrics:

Base Score: 6.50 MEDIUM
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): None
Integrity (I): None
Availability (A): High

Base Score 3.x

6.50

Severity 3.x

MEDIUM

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:zyxel:xgs2220-30_firmware:4.80\(abxn.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-30:-:::::::*
cpe:2.3:o:zyxel:xgs2220-30f_firmware:4.80\(abye.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-30f:-:::::::*
cpe:2.3:o:zyxel:xgs2220-30hp_firmware:4.80\(abxo.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-30hp:-:::::::*
cpe:2.3:o:zyxel:xgs2220-54_firmware:4.80\(abxp.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-54:-:::::::*
cpe:2.3:o:zyxel:xgs2220-54fp_firmware:4.80\(acce.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-54fp:-:::::::*
cpe:2.3:o:zyxel:xgs2220-54hp_firmware:4.80\(abxq.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-54hp:-:::::::*
cpe:2.3:o:zyxel:xmg1930-30_firmware:4.80\(acar.1\):::::::*
cpe:2.3:h:zyxel:xmg1930-30:-:::::::*
cpe:2.3:o:zyxel:xmg1930-30hp_firmware:4.80\(acas.1\):::::::*

To consult the complete list of CPE names with products and versions, see this page

References to Advisories, Solutions, and Tools

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-dos-vulnerability-of-xgs2220-xmg1930-and-xs1930-series-switches

CPE	From	Up to
cpe:2.3:o:zyxel:xgs2220-30_firmware:4.80\(abxn.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-30:-:::::::*
cpe:2.3:o:zyxel:xgs2220-30f_firmware:4.80\(abye.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-30f:-:::::::*
cpe:2.3:o:zyxel:xgs2220-30hp_firmware:4.80\(abxo.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-30hp:-:::::::*
cpe:2.3:o:zyxel:xgs2220-54_firmware:4.80\(abxp.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-54:-:::::::*
cpe:2.3:o:zyxel:xgs2220-54fp_firmware:4.80\(acce.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-54fp:-:::::::*
cpe:2.3:o:zyxel:xgs2220-54hp_firmware:4.80\(abxq.1\):::::::*
cpe:2.3:h:zyxel:xgs2220-54hp:-:::::::*
cpe:2.3:o:zyxel:xmg1930-30_firmware:4.80\(acar.1\):::::::*
cpe:2.3:h:zyxel:xmg1930-30:-:::::::*
cpe:2.3:o:zyxel:xmg1930-30hp_firmware:4.80\(acas.1\):::::::*