Improper control of interaction frequency in Zyxel GS1200 series switches



Published: 2022-06-08
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-0823
CWE-ID CWE-799
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe 		GS1200-5
Hardware solutions / Routers & switches, VoIP, GSM, etc

GS1200-5HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

GS1200-8HP
Hardware solutions / Routers & switches, VoIP, GSM, etc

GS1200-8
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Improper control of interaction frequency

EUVDB-ID: #VU64054

Risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0823

CWE-ID: CWE-799 - Improper Control of Interaction Frequency

Exploit availability: No

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper control of interaction frequency. A local attacker can perform a timing side-channel attack and guess the password.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

GS1200-5: before 2.00(ABKM.2)

GS1200-5HP: before 2.00(ABKN.2)

GS1200-8HP: before 2.00(ABMF.2)

GS1200-8: before 2.00(ABME.2)

External links

http://www.zyxel.com/support/Zyxel-security-advisory-for-password-guessing-vulnerability-of-GS1200-series-switches.shtml


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###