CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:zyxel:gs1900-8_firmware:2.70\(aahh.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-8:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:zyxel:gs1900-8hp_firmware:2.70\(aahi.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-8hp:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:zyxel:gs1900-10hp_firmware:2.70\(aazi.3\):*:*:*:*:*:*:*

cpe:2.3:h:zyxel:gs1900-10hp:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:zyxel:gs1900-16:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-16_firmware:2.70\(aahj.3\):*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:zyxel:gs1900-24:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-24_firmware:2.70\(aahl.3\):*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:zyxel:gs1900-24e:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-24e_firmware:2.70\(aahk.3\):*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:zyxel:gs1900-24ep:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-24ep_firmware:2.70\(abto.3\):*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:zyxel:gs1900-24hpv2:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-24hpv2_firmware:2.70\(abtp.3\):*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:h:zyxel:gs1900-48:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-48_firmware:2.70\(aahn.3\):*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:h:zyxel:gs1900-48hpv2:-:*:*:*:*:*:*:*

cpe:2.3:o:zyxel:gs1900-48hpv2_firmware:2.70\(abtq.3\):*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-05-30 11:15

Updated : 2023-06-06 21:08

NVD link : CVE-2022-45853

Mitre link : CVE-2022-45853

CVE.ORG link : CVE-2022-45853

JSON object : View

Products Affected

zyxel

gs1900-24hpv2_firmware
gs1900-48hpv2
gs1900-24
gs1900-8_firmware
gs1900-24e_firmware
gs1900-24hpv2
gs1900-24ep
gs1900-24_firmware
gs1900-48
gs1900-24e
gs1900-8hp_firmware
gs1900-48hpv2_firmware
gs1900-24ep_firmware
gs1900-8hp
gs1900-10hp
gs1900-10hp_firmware
gs1900-16_firmware
gs1900-16
gs1900-8
gs1900-48_firmware

CWE

NVD-CWE-noinfo CWE-269

Improper Privilege Management

6.7 /10