漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
认证机制不恰当
Vulnerability Title
Zyxel USG/ZyWALL 授权问题漏洞
Vulnerability Description
Zyxel USG/ZyWALL是中国合勤科技(Zyxel)公司的一款防火墙。 Zyxel USG/ZyWALL 4.32-4.71、USG FLEX 4.50-5.21、ATP 4.32-5.21、VPN 4.32 -5.21版本中存在授权问题漏洞,该漏洞源于缺乏适当的访问控制机制,攻击者利用该漏洞可通过 IPsec VPN 客户端从双因素身份验证降级为单因素身份验证。
CVSS Information
N/A
Vulnerability Type
N/A