Warning: High-severity directory traversal vulnerability in the web management interface of Zyxel ZLD firewalls actively exploited by ransomware actors; patch immediately!
CVE-2024-11667 - 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Sources
NIST NVD - https://nvd.nist.gov/vuln/detail/CVE-2024-11667
Risks
Zyxel firewalls are next-generation firewalls used by organizations for network security protection.
A high-severity vulnerability (CVSS 7.5) exists in the web management interface of Zyxel ZLD firewalls. If left unpatched, the affected devices are vulnerable to directory traversal attacks with a possible high impact on confidentiality.
The vulnerability is known to be actively exploited by threat actors using the Helldown ransomware strain.
CVE-2024-11667 is fixed in the latest firmware update, version 5.39.
Description
CVE-2024-11667 is an 'Improper Limitation of a Pathname to a Restricted Directory' type vulnerability, also known as 'Path Traversal'. If exploited successfully, an attacker can download files via a crafted URL, and may also be able to upload malicious files.
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
A firmware update to version 5.39 is available via the vendor's website. In the meantime, it is strongly recommended to disable remote access and change the administrator password.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
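One concrete way to act on the monitoring recommendation above, for the path traversal class of bug described in the Description: scan web access logs of the management interface for traversal sequences, including URL-encoded and double-encoded variants that a naive substring match for "../" would miss. This is an added example, not CCB or Zyxel code; the log format and the request paths are constructed samples, not the actual vulnerable endpoint, which the advisory does not name.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common access-log format (not real Zyxel logs).
# The paths are hypothetical; only the traversal patterns matter here.
SAMPLE_LOG = """\
203.0.113.5 - - [27/Nov/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [27/Nov/2024:10:01:09 +0000] "GET /images/../../../../etc/passwd HTTP/1.1" 200 1024
203.0.113.7 - - [27/Nov/2024:10:01:15 +0000] "GET /cgi-bin/%2e%2e%2f%2e%2e%2fetc%2fhosts HTTP/1.1" 200 700
203.0.113.9 - - [27/Nov/2024:10:02:00 +0000] "GET /css/%252e%252e%252fconfig HTTP/1.1" 404 0
203.0.113.11 - - [27/Nov/2024:10:03:00 +0000] "POST /upload HTTP/1.1" 200 12
"""

# Client IP, timestamp, method, request path and status code from a log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# A ".." path component, after normalising backslashes to forward slashes.
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def fully_decode(path, max_rounds=3):
    """Percent-decode repeatedly until stable so double-encoded '%252e' is caught."""
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(path):
    """True if the decoded request path contains a parent-directory component."""
    decoded = fully_decode(path).replace('\\', '/')
    return TRAVERSAL_RE.search(decoded) is not None


def find_traversal_attempts(log_text):
    """Return (ip, method, raw_path, status) for each traversal-looking request.

    A 200 status on a flagged request deserves the highest priority during
    triage, since the device may have served the requested file.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal(m['path']):
            hits.append((m['ip'], m['method'], m['path'], int(m['status'])))
    return hits
```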
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident.
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.