CVE-2023-4398

Name of the Vulnerable Software and Affected Versions Zyxel ATP series firmware versions 4.32 through 5.37 Zyxel USG FLEX series firmware versions 4.50 through 5.37 Zyxel USG FLEX 50(W) series firmware versions 4.16 through 5.37 Zyxel USG20(W)-VPN series firmware versions 4.16 through 5.37 Zyxel VPN series firmware versions 4.30 through 5.37

Description The issue is related to an integer overflow vulnerability in the QuickSec IPSec toolkit used in the VPN feature of various Zyxel devices. This vulnerability could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions on an affected device by sending a crafted IKE packet.

Recommendations For Zyxel ATP series firmware versions 4.32 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel USG FLEX series firmware versions 4.50 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel USG FLEX 50(W) series firmware versions 4.16 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel USG20(W)-VPN series firmware versions 4.16 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. For Zyxel VPN series firmware versions 4.30 through 5.37, update to a version that fixes the integer overflow vulnerability in the QuickSec IPSec toolkit. As a temporary workaround, consider restricting access to the IKE packet handling functionality until a patch is available.