Rewterz Threat Advisory – CVE-2022-35405 – Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus Vulnerability
September 28, 2022
Severity
High
Analysis Summary
CVE-2022-30525
Multiple Zyxel devices contain a flaw in the CGI program that could allow a remote attacker to execute arbitrary commands on the system. An attacker could exploit this vulnerability by modifying specific files.
Impact
- Command Execution
Indicators Of Compromise
CVE
- CVE-2022-35405
Affected Vendors
Zyxel
Affected Products
- Zyxel USG FLEX series firmware ZLD 4.30
- Zyxel USG FLEX series firmware ZLD 4.55
- Zyxel USG FLEX series firmware 4.60
- Zyxel USG FLEX 100(W) ZLD 5.00
- Zyxel USG FLEX 200 ZLD 5.00
- Zyxel USG FLEX 500 ZLD 5.00
- Zyxel USG FLEX 700 ZLD 5.00
- Zyxel USG FLEX 50(W) ZLD 5.10
- Zyxel USG FLEX USG20(W)-VPN ZLD 5.10
- Zyxel ATP series ZLD 5.10
- Zyxel VPN series ZLD 5.10
Remediation
Refer to the Zyxel website for patch, upgrade, or suggested workaround information.