VMware CVE-2022-22947 and Zyxel CVE-2022-30525 Vulnerabilities

Parveen Bhandari | 22 Aug 2022

CVE-2022-22947 and CVE-2022-30525 vulnerabilities

What is CVE-2022-22947 (Spring Cloud Gateway)?

A code injection vulnerability has been detected in applications using Spring Cloud Gateway. The vulnerability can be exploited when the Gateway Actuator endpoint is enabled, exposed, and unsecured. By exploiting it, a remote attacker could send a maliciously crafted request that leads to arbitrary remote code execution.

CVE ID: CVE-2022-22947
Vulnerability Name: Spring Cloud Gateway
Vendor: VMware
Product: Spring Cloud Gateway
Short Description: A code injection vulnerability has been found in Spring Cloud Gateway. The application is vulnerable to the code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.
Date added to the catalog: 2022-05-16
Severity (Scale out of 10): The vulnerability has been assigned a severity of 10 (critical) on a scale of 10.
Impact: Affected VMware products:
  • Spring Cloud Gateway
  • 3.1.0
  • 3.0.0 to 3.0.6
  • Other older versions are also affected.
Remediation: Users affected by this vulnerability should apply the following remediation:
  • Users on 3.1.0 can upgrade to 3.1.1+
  • Users on 3.0.X can upgrade to 3.0.7+
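
As an added example (not from the original article or from VMware), the following Python check combines the affected version ranges listed above with the exposure condition for the Gateway Actuator endpoint. The property names are standard Spring Boot Actuator settings that the article does not mention, the defaults noted in the comments are assumptions, and the sample file is constructed; whether the endpoint is protected by authentication has to be verified separately.

```python
import re

# Constructed sample application.properties (not taken from a real system).
SAMPLE_PROPERTIES = """\
# actuator settings
management.endpoint.gateway.enabled=true
management.endpoints.web.exposure.include=health,gateway
"""

def parse_version(version):
    """Return (major, minor, patch) from strings such as '3.0.6' or '3.1.0.RELEASE'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups())

def version_affected(version):
    """True for 3.1.0, 3.0.0 to 3.0.6 and older; False from 3.0.7 (3.0.x) or 3.1.1 on."""
    v = parse_version(version)
    return not (v >= (3, 1, 1) or (3, 0, 7) <= v < (3, 1, 0))

def parse_properties(text):
    """Parse flat key=value lines, skipping blank lines and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def gateway_actuator_exposed(props):
    """True when the gateway actuator endpoint is enabled and exposed over HTTP."""
    # Assumed defaults: endpoint enabled, only 'health' exposed over the web.
    enabled = props.get("management.endpoint.gateway.enabled", "true").lower() == "true"
    include = {e.strip() for e in props.get("management.endpoints.web.exposure.include", "health").split(",")}
    exclude = {e.strip() for e in props.get("management.endpoints.web.exposure.exclude", "").split(",")}
    listed = bool({"gateway", "*"} & include) and not ({"gateway", "*"} & exclude)
    return enabled and listed

def triage(version, properties_text):
    """Return (needs_upgrade, actuator_exposed) for one deployment."""
    return version_affected(version), gateway_actuator_exposed(parse_properties(properties_text))

if __name__ == "__main__":
    print(triage("3.0.6", SAMPLE_PROPERTIES))
```

A deployment for which both values are true should be upgraded first; one that is only on an affected version still needs the upgrade listed under Remediation.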

What is CVE-2022-30525 (Zyxel Multiple Firewalls OS Command Injection Vulnerability)?

A command injection vulnerability has been detected in the CGI program of some Zyxel firewall versions. The affected modules are vulnerable to unauthenticated, remote code injection via an administrative HTTP interface. Exploiting this vulnerability can allow an attacker to modify specific files and then execute OS commands on the vulnerable device. The vulnerable functionality is invoked using the command setWanPortSt, and the attacker can inject an arbitrary command into the MTU or the data parameter.

CVE ID: CVE-2022-30525
Vulnerability Name: Zyxel Multiple Firewall OS Command Injection Vulnerability
Vendor: Zyxel
Product: Multiple Firewall
Description: A command injection vulnerability has been detected in the CGI program of some Zyxel firewall versions. Exploiting this vulnerability can allow an attacker to modify specific files and then execute OS commands on the vulnerable device.
Date added to the catalog: 2022-05-16
Severity (Scale out of 10): This vulnerability has been assigned a severity of 9.8 (Critical) on a scale of 10.
Impact: This vulnerability affects the following firewall modules:
  • ATP Series - Firmware: ZLD V5.10 to ZLD V5.21 Patch 1
  • VPN Series - Firmware: ZLD V4.60 to ZLD V5.21 Patch 1
  • USG FLEX 100(W), 200, 500, 700 - Firmware: ZLD V5.00 to ZLD V5.21
  • USG FLEX 50(W) / USG20(W)-VPN - Firmware: ZLD V5.10 to ZLD V5.21
Remediation: This vulnerability can be remediated as follows:
  • Upgrade the firmware to V5.30.
  • Enable automatic firmware updates and disable WAN access to the administrative web interface of the system.

Conclusion

The Spring Cloud Gateway code injection vulnerability is exploited when the Gateway Actuator endpoint is enabled, exposed, and unsecured, while the Zyxel command injection vulnerability allows an attacker to modify specific files and then execute OS commands on the vulnerable device.
