What is CVE-2023-6399?

CVE-2023-6399 is a medium-severity vulnerability in Zyxel Atp Series Firmware, classified under Use of Externally-Controlled Format String. CVSS score: 5.7/10. Published 2024-02-20.

How severe is CVE-2023-6399?

Medium severity. CVSS v3 base score is 5.7 out of 10.

Is CVE-2023-6399 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Zyxel Atp Series Firmware

CVE-2023-6399

A format string vulnerability in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, U…

EPSS: 0.003 (54.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.7 (Medium). Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Zyxel Atp Series Firmware — versions version 4.32 through 5.37 Patch 1
Zyxel Usg20(w)-vpn Series Firmware — versions version 4.16 through 5.37 Patch 1
Zyxel Usg Flex 50(w) Series Firmware — versions version 4.16 through 5.37 Patch 1
Zyxel Usg Flex H Series Firmware — versions version 1.10 through 1.10 Patch 1
Zyxel Usg Flex Series Firmware — versions version 4.50 through 5.37 Patch 1

Weakness classification (CWE)

CWE-134 — Use of Externally-Controlled Format String

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for… (vendor-advisory)

Frequently asked questions

What is CVE-2023-6399?: CVE-2023-6399 is a medium-severity vulnerability in Zyxel Atp Series Firmware, classified under Use of Externally-Controlled Format String. CVSS score: 5.7/10. Published 2024-02-20.
How severe is CVE-2023-6399?: Medium severity. CVSS v3 base score is 5.7 out of 10.
Is CVE-2023-6399 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.