CVE-2018-9129

moderate-risk

Published 2018-08-15

ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.9/10 Medium

NETWORK / HIGH complexity

Affected Products (17)

Zywall 110 Firmware

Zywall 1100 Firmware

Zywall 310 Firmware

Zywall Vpn 50 Firmware

Zywall Vpn 100 Firmware

Zywall Vpn 300 Firmware

Usg 20W Firmware

Usg 40 Firmware

Usg 40W Firmware

Usg 60 Firmware

Usg 60W Firmware

Usg 110 Firmware

Usg 2200-Vpn Firmware

Usg 310 Firmware

Usg 1100 Firmware

Usg 1900 Firmware

Usg 20W-Vpn Firmware

Affected Vendors

Zyxel

References (6)

ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf

Third Party Advisory https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on...

Patch https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml

ftp://ftp.zyxel.com/USG110/firmware/USG110_4.32%28AAPH.0%29C0_2.pdf

Third Party Advisory https://web-in-security.blogspot.com/2018/08/practical-bleichenbacher-attacks-on...

Patch https://www.zyxel.com/support/bleichenbacher_attack_vulnerability.shtml

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 19/34 · Moderate