VMware CVE-2022-22947 and Zyxel CVE-2022-30525 Vulnerabilities

CVE-2022-22947 and CVE-2022-30525 vulnerabilities

What is CVE-2022-22947 (Spring Cloud Gateway)?

Code injection vulnerability has been detected in the applications using Spring Cloud Gateway. This vulnerability can be exploited when the Gateway Actuator endpoint is enabled, insecure, and exposed. By exploiting this vulnerability, a remote attacker could make a maliciously crafted request that can lead to arbitrary remote code execution.

CVE ID	CVE-2022-22947
Vulnerability Name	Spring Cloud Gateway
Vendor	VMware
Product	Spring Cloud Gateway
Short Description	Code Injection vulnerability has been found on Spring Cloud Gateway. The application is vulnerable to the code injection attack when the endpoint is enabled, exposed and unsecured for the Gateway Actuator.
Date added to the catalog	2022-05-16
Severity (Scale out of 10)	The vulnerability has been assigned a severity of 10 (critical) on a scale of 10.
Impact	Affected VMware products: Spring Cloud Gateway 3.1.0 3.0.0 to 3.0.6 Other older versions are also affected.
Remediation	The users that are affected by the following vulnerability should apply the remediation: The users using 3.1.0 can upgrade to 3.1.1+ The users using 3.0.X can upgrade to 3.0.7+

End-to-End Proactive Solutions for empowering Advanced Threat Protection and Intelligence with Real-Time Analytics, Cyber Security Services

What is CVE-2022-30525 (Zyxel Multiple Firewalls OS Command Injection Vulnerability)?

A command injection vulnerability has been detected in the CGI program of some Zyxel firewall versions. The affected modules are vulnerable to unauthenticated and remote code injection via an administrative HTTP interface. The exploitation of this vulnerability can allow an attacker to modify specific files and then further execute some OS commands on the vulnerable device. The vulnerability functionality is invoked by using the command setWanPortSt. The attacker can inject an arbitrary command into the MTU or the data parameter.

CVE ID	CVE-2022-30525
Vulnerability Name	Zyxel Multiple Firewall OS Command Injection Vulnerability
Vendor	Zyxel
Product	Multiple Firewall
Description	A command injection vulnerability has been detected in the CGI program of some Zyxel firewall versions. The exploitation of this vulnerability can allow an attacker to modify specific files and then further execute some OS commands on the vulnerable device.
Date added to the catalog	2022-05-16
Severity (Scale out of 10)	This vulnerability has been assigned a vulnerability of 9.8( Critical ) on a scale of 10.
Impact	This vulnerability has impacted the following firewall modules: ATP Series- Firmware: ZLD V5.10 to ZLD V5.21 Patch 1 VPN Series- Firmware: ZLD V4.60 to ZLD V5.21 Patch 1 USG FLEX 100(W), 200, 500, 700- Firmware: ZLD V5.00 to ZLD V5.21 USG FLEX 50(W)/ USG20 (W)-VPN - Firmware: ZLD V5.10 to ZLD V5.21
Remediation	This vulnerability can be remediated by the following: Upgrade the firmware to V5.30. Enable automatic firmware updates and disable the WAN access to the administrative web interface of the system.

Conclusion

These Code Injection and command injection Vulnerabilities are exploited when the endpoint is enabled, exposed, and unsecured for the Gateway Actuator leads to allow an attacker to modify specific files and then further execute some OS commands on the vulnerable device.

Click here to know more about related Vulnerabilities and their Remediations