Zyxel urges customers to patch critical firewall bypass vulnerability
Taiwanese networking giant Zyxel released a security advisory urging its customers to patch a critical flaw that can lead to the circumvention of firewall protection. The vulnerability has a CVSS score of 9.8, which marks it as highly severe, and affects the Zyxel USG, ZyWALL, FLEX, ATP, VPN, and NSG product lines. The flaw has been described as an authentication bypass caused by a failure in the access control mechanisms.
The bug is currently present in a number of CGI programs embedded in the firewall software. Zyxel has released patches for the affected software, and users should apply them immediately. Zyxel noted that the patches apply only to products still within their support period. The company launched an investigation into the vulnerability to find out more about its nature. According to Zyxel, users of legacy products are more vulnerable than others.