Platform: zyxel
Fixed versions: 4.20.1, 4.50.1, 4.32.1, 4.30.1, 1.20.1
CVE-2022-0342 is a critical authentication bypass vulnerability impacting several Zyxel firewall series. This flaw allows an attacker to circumvent the web authentication mechanism and potentially gain unauthorized administrative access to the device. Affected products include USG/ZyWALL series (4.20–4.70), USG FLEX series (4.50–5.20), ATP series (4.32–5.20), VPN series (4.30–5.20), and NSG series (V1.20–V1.33 Patch 4). Zyxel has released firmware updates to address this vulnerability.
Successful exploitation of CVE-2022-0342 grants an attacker complete administrative control over the affected Zyxel firewall. This includes the ability to modify firewall rules, access sensitive network traffic data, configure VPN connections, and potentially pivot to other systems within the network. The impact is particularly severe as the vulnerability allows for bypassing standard authentication measures, making it easier for attackers to compromise the device. A compromised firewall can serve as a launchpad for broader network attacks, leading to data breaches, service disruptions, and reputational damage. The potential for lateral movement is high, as an attacker can leverage the firewall's access to map and exploit other internal resources.
CVE-2022-0342 was publicly disclosed on March 28, 2022. While no active exploitation campaigns have been definitively confirmed, the vulnerability's critical severity and ease of exploitation make it a high-priority target. The vulnerability is tracked on the CISA KEV catalog, indicating a significant risk to federal agencies. Public proof-of-concept exploits are likely to emerge, increasing the risk of widespread exploitation.
Organizations heavily reliant on Zyxel firewalls for perimeter security are at significant risk. This includes small to medium-sized businesses (SMBs), remote offices, and managed service providers (MSPs) who manage Zyxel firewalls for their clients. Environments with legacy configurations or those that haven't implemented robust access controls are particularly vulnerable.
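For teams that manage many devices, the affected ranges listed above can be checked against a firmware inventory. The following is an added example, not code from Zyxel or from this page: the inventory entries, the version-string format and the treatment of unparsed versions as "unknown" are assumptions of the example.

```python
import re

# Affected ranges as listed on this page: (low, high), both inclusive.
# Tuples are (major, minor, patch). A patch of None on the upper bound means
# the page names no patch level, so every patch of that release is treated
# as affected (a conservative assumption of this example).
AFFECTED = {
    "USG/ZYWALL": ((4, 20, 0), (4, 70, None)),
    "USG FLEX": ((4, 50, 0), (5, 20, None)),
    "ATP": ((4, 32, 0), (5, 20, None)),
    "VPN": ((4, 30, 0), (5, 20, None)),
    "NSG": ((1, 20, 0), (1, 33, 4)),
}
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\s*patch\s*(\d+))?", re.IGNORECASE)

def parse_version(text):
    """Return (major, minor, patch) from e.g. 'V1.33 Patch 4', else None."""
    m = VERSION_RE.search(text or "")
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def classify(series, firmware):
    """Return 'affected', 'outside-range' or 'unknown' for one device."""
    bounds = AFFECTED.get(series.strip().upper())
    version = parse_version(firmware)
    if bounds is None or version is None:
        return "unknown"  # never report an unparsed device as safe
    low, high = bounds
    if high[2] is None:
        in_range = low[:2] <= version[:2] <= high[:2]
    else:
        in_range = low <= version <= high
    return "affected" if in_range else "outside-range"

# Constructed inventory: hostnames and versions are made up for this example.
INVENTORY = [
    ("fw-hq", "USG FLEX", "V5.20"),
    ("fw-branch", "ATP", "V5.21"),
    ("fw-lab", "NSG", "V1.33 Patch 4"),
    ("fw-dr", "NSG", "V1.33 Patch 5"),
    ("fw-old", "VPN", "4.25"),
    ("fw-x", "USG/ZyWALL", "not reported"),
]

def triage(inventory):
    """Map each hostname to its classification."""
    return {host: classify(series, fw) for host, series, fw in inventory}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {status}")
```

A result of outside-range only means the version is not in the ranges this page lists; confirm the fixed firmware for each model against the Zyxel advisory.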
• linux / server:
journalctl -u zyxel-firewall -g 'authentication bypass'
• generic web:
curl -I <firewall_ip>/cgi-bin/login.cgi | grep -i 'WWW-Authenticate'
• zyxel:
Check Zyxel firewall logs for unusual authentication attempts or configuration changes. Examine the /var/log/login.log file for suspicious login patterns.
Exploit status
EPSS: 92.22% (100th percentile)
CVSS vector
The primary mitigation for CVE-2022-0342 is to upgrade to the patched firmware versions released by Zyxel. The specific version varies by product series; check the Zyxel support website for the one that applies to your model. As an interim measure, implement Web Application Firewall (WAF) rules to block suspicious requests targeting the authentication endpoints. Review and restrict access to the firewall's web management interface, limiting it to trusted administrative IPs. Monitor firewall logs for unusual authentication attempts or unauthorized configuration changes. After upgrading, confirm the fix by attempting to access the web management interface with invalid credentials: authentication should be enforced.
Update the firmware of your Zyxel USG/ZyWALL, USG FLEX, ATP, VPN, or NSG device to the latest version provided by the vendor. For details and specific steps, refer to the Zyxel security advisory.
CVE-2022-0342 is a critical vulnerability allowing attackers to bypass authentication and gain admin access to Zyxel USG/ZyWALL, USG FLEX, ATP, VPN, and NSG series firewalls (4.20-5.20).
If you are using a Zyxel firewall running firmware versions 4.20 through 5.20 on the affected series, you are potentially vulnerable to this authentication bypass.
Upgrade to the latest patched firmware version provided by Zyxel for your specific firewall model. Implement WAF rules as an interim measure.
While no confirmed active exploitation campaigns are publicly known, the vulnerability's severity and ease of exploitation make it a high-priority target.
Refer to the Zyxel Security Advisory: https://www.zyxel.com/support/advisory/ZYXEL-2022-0342