What is the severity of CVE-2023-5960?

CVE-2023-5960 has a severity score of 5.5 (medium).

How can I fix CVE-2023-5960?

To fix CVE-2023-5960, update your Zyxel USG FLEX series firmware to version 5.38 or later.

Where can I find more information about CVE-2023-5960?

You can find more information about CVE-2023-5960 in the Zyxel Security Advisory for Multiple Vulnerabilities in Firewalls and APs.

Vulnerability/
CVE-2023-5960

medium

5.5

CWE

269

EPSS

0.042%

28/11/2023

2/8/2024

CVE-2023-5960

Q: What is CVE-2023-5960?

CVE-2023-5960 is an improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37.

Q: How does CVE-2023-5960 affect Zyxel USG FLEX series?

CVE-2023-5960 allows an authenticated local attacker to access the system files on an affected Zyxel USG FLEX series device.

First published: Tue Nov 28 2023(Updated: )

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device.

Credit: security@zyxel.com.tw

Affected Software	Affected Version	How to fix
All of
Zyxel Zld	>=4.50<=5.37
Any of
Zyxel Usg Flex 100
Zyxel Usg Flex 100w
Zyxel Usg Flex 200
Zyxel Usg Flex 50
Zyxel Usg Flex 500
Zyxel Usg Flex 50w
Zyxel Usg Flex 700
All of
Zyxel Zld	>=4.30<=5.37
Any of
Zyxel Vpn100
Zyxel Multiple Network-Attached Storage (NAS) Devices
Zyxel Vpn300
Zyxel Vpn50

Never miss a vulnerability like this again

Reference Links

https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps

Frequently Asked Questions

What is CVE-2023-5960?
CVE-2023-5960 is an improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37.
How does CVE-2023-5960 affect Zyxel USG FLEX series?
CVE-2023-5960 allows an authenticated local attacker to access the system files on an affected Zyxel USG FLEX series device.
What is the severity of CVE-2023-5960?
CVE-2023-5960 has a severity score of 5.5 (medium).
How can I fix CVE-2023-5960?
To fix CVE-2023-5960, update your Zyxel USG FLEX series firmware to version 5.38 or later.
Where can I find more information about CVE-2023-5960?
You can find more information about CVE-2023-5960 in the Zyxel Security Advisory for Multiple Vulnerabilities in Firewalls and APs.

collector/nvd-api
agent/type
agent/event
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
agent/weakness
agent/author
agent/severity
agent/references
collector/epss-latest
source/FIRST
agent/description
agent/epss
collector/mitre-cve
source/MITRE
vendor/zyxel
canonical/zyxel zld
version/zyxel zld/4.50
version/zyxel zld/5.37
canonical/zyxel usg flex 100
canonical/zyxel usg flex 100w
canonical/zyxel usg flex 200
canonical/zyxel usg flex 50
canonical/zyxel usg flex 500
canonical/zyxel usg flex 50w
canonical/zyxel usg flex 700
version/zyxel zld/4.30
canonical/zyxel vpn100
canonical/zyxel multiple network-attached storage (nas) devices
canonical/zyxel vpn300
canonical/zyxel vpn50

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.