CVE-2022-0910

24.05.2022, 03:15

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Zyxel	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 10%

Vendor	Product	Version
zyxel	vpn100_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	vpn1000_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	vpn300_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	vpn50_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	atp100_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	atp100w_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	atp200_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	atp500_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	atp700_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	atp800_firmware	4.32 ≤ 𝑥 ≤ 5.21
zyxel	usg_110_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_1100_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_1900_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_20w_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_20w-vpn_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_2200-vpn_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_310_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_40_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_40w_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_60_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_60w_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg_flex_100_firmware	4.50 ≤ 𝑥 ≤ 5.21
zyxel	usg_flex_100w_firmware	4.50 ≤ 𝑥 ≤ 5.21
zyxel	usg_flex_200_firmware	4.50 ≤ 𝑥 ≤ 5.21
zyxel	usg_flex_500_firmware	4.50 ≤ 𝑥 ≤ 5.21
zyxel	usg_flex_700_firmware	4.50 ≤ 𝑥 ≤ 5.21
zyxel	usg200_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg20_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg210_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg2200_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg300_firmware	4.32 ≤ 𝑥 ≤ 4.71
zyxel	usg310_firmware	4.32 ≤ 𝑥 ≤ 4.71

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-287 - Improper Authentication
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

References

https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml