CVE-2022-45853: Zyxel security advisory for privilege escalation vulnerability in GS1900 series switches | Zyxel Networks

CVE: CVE-2022-45853****Summary

Zyxel has released patches for GS1900 series switches affected by a privilege escalation vulnerability. Users are advised to install them for optimal protection.

What is the vulnerability?

The privilege escalation vulnerability in the Zyxel GS1900 series switches could allow a local authenticated attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device via SSH. Although SSH access is disabled by default, which would make a network immune from the attack, users are still recommended to upgrade to the latest firmware for optimal protection.

What versions are vulnerable—and what should you do?

After a thorough investigation, we’ve identified the vulnerable switches that are within their vulnerability support period and released patches to address the vulnerability, as shown in the table below.

Got a question?

Please contact your local service rep or visit Zyxel’s Community for further information or assistance.

Acknowledgment

Thanks to Justin Aarden for reporting the issue to us.

Revision history

2023-6-6: Initial release.

Have a question?

We are always here to help!

Contact us