Critical bug in Zyxel firewalls and VPNs
CVE-2022-30525 (CVSS 9.8)
Official Manufacturer: https://www.zyxel.com/support/Zyxel-security-advisory-for-OS-command-injection-vulnerability-of-firewalls.shtml
NVD: NVD - CVE-2022-30525 (nist.gov)
Firewall products are used to protect the internal network infrastructure and keep attackers out of the internal network.
Attackers are actively exploiting this critical vulnerability in order to gain access to systems and use the VPN and Firewall products as initial access points into the internal network.
Access can be used or sold afterwards for espionage, data exfiltration, ransomware, and other high-impact attacks.
Successful exploitation allows a remote attacker to inject arbitrary commands without authentication, which can enable the attacker to gain access on the system and move laterally to the rest of the network.
CERT.be recommends upgrading Zyxel device firmware to version "ZLD V5.30".
CERT.be recommends using Two-Factor Authentication (2FA) protection for admin and VPN connections configured on these devices.