Cybercriminals are launching attacks against vulnerable VPN and firewall devices from Zyxel, security researchers have warned.
By exploiting a critical vulnerability identified as CVE-2022-30525 – present in ATP, VPN and some USG FLEX series products – attackers can bypass authentication and execute code remotely.
Although Zyxel rolled out a fix for the security bug last week, thousands of administrators failed to install the necessary fix and the exploit is now being used openly in the wild.
Zyxel VPN Vulnerability
The vulnerability in Zyxel's business VPN products was first identified by security firm Rapid7, which helped the company fix the issue.
In a blog post detailing the bug, Rapid7 warned that attackers could abuse the issue to establish a reverse shell, a type of session that facilitates communication between the attacker and the target machine and sets the stage for further attacks.
The result is that the attacker could effectively take full control of systems that are otherwise protected by firewalls and other network security measures.
In an advisory released by Zyxel alongside the patch, the company urged administrators to immediately install the corresponding update. This sentiment was echoed on Twitter by the NSA's director of cybersecurity, such is the severity of the problem and the popularity of Zyxel hardware.
The latest analysis shows that more than 15,000 vulnerable Zyxel products remain unpatched, the majority of which belong to companies based in France, Italy, Switzerland and the United States, meaning that the potential scope of attacks is significant.
To help organizations protect against and mitigate attacks, several security researchers have published helpful resources online. A team operating under the Spanish telecommunications company Telefonica, for example, published a program that scans for vulnerable endpoints, and another researcher published a tool to help detect intrusions related to the flaw.
Via BleepingComputer