CVE-2021-35028 - OpenCVE

A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Zyxel	Zywall Vpn2s Zywall Vpn2s Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zyxel:zywall_vpn2s_firmware:1.12\(abln.0\)c0:*:*:*:*:*:*:*

cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Zyxel

Published: 2021-09-29T10:35:57

Updated: 2021-09-29T10:35:57

Reserved: 2021-06-17T00:00:00

Link: CVE-2021-35028

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-29T11:15:07.547

Modified: 2021-10-02T15:18:25.500

Link: CVE-2021-35028

JSON object: View

Redhat Information

No data.

CWE

CWE-78

{"containers": {"cna": {"affected": [{"product": "ZyWALL VPN2S Firmware", "vendor": "Zyxel", "versions": [{"status": "affected", "version": "1.12(ABLN.0)C0"}]}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-09-29T10:35:57", "orgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "shortName": "Zyxel"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@zyxel.com.tw", "ID": "CVE-2021-35028", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "ZyWALL VPN2S Firmware", "version": {"version_data": [{"version_value": "1.12(ABLN.0)C0"}]}}]}, "vendor_name": "Zyxel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands."}]}, "impact": {"cvss": {"baseScore": "7.3", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}]}, "references": {"reference_data": [{"name": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml", "refsource": "MISC", "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml"}]}}}}, "cveMetadata": {"assignerOrgId": "96e50032-ad0d-4058-a115-4d2c13821f9f", "assignerShortName": "Zyxel", "cveId": "CVE-2021-35028", "datePublished": "2021-09-29T10:35:57", "dateReserved": "2021-06-17T00:00:00", "dateUpdated": "2021-09-29T10:35:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zyxel:zywall_vpn2s_firmware:1.12\\(abln.0\\)c0:*:*:*:*:*:*:*", "matchCriteriaId": "E93F6084-B93D-4D50-85C6-1D8C375D8E34", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zyxel:zywall_vpn2s:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D3F001A-8790-463F-804B-CA5CAC610867", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, local user to execute arbitrary OS commands."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n de comandos en el programa CGI de Zyxel VPN2S versi\u00f3n del firmware 1.12, podr\u00eda permitir a un usuario local autenticado ejecutar comandos arbitrarios del sistema operativo"}], "id": "CVE-2021-35028", "lastModified": "2021-10-02T15:18:25.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 6.0, "source": "security@zyxel.com.tw", "type": "Secondary"}]}, "published": "2021-09-29T11:15:07.547", "references": [{"source": "security@zyxel.com.tw", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.zyxel.com/support/Zyxel_security_advisory_for_directory_traversal_and_command_injection_vulnerabilities_of_VPN2S_Firewall.shtml"}], "sourceIdentifier": "security@zyxel.com.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@zyxel.com.tw", "type": "Secondary"}]}