CVE-2023-28771

Vulnerability updated a month ago (2024-11-29T14:50:30.488Z)
CVE-2023-28771 is a command injection vulnerability in Zyxel ZyWALL firewalls. FortiGuard Labs observed it being exploited in June 2023 by several Distributed Denial of Service (DDoS) botnets. The vulnerability had a significant global impact, affecting 43% of organizations worldwide. Check Point IPS, Harmony Endpoint, and Threat Emulation provide protection against threats exploiting it.

In May 2023, around 22 Danish energy organizations were targeted in two distinct waves of cyberattacks, one of which exploited CVE-2023-28771. The initial breach and reconnaissance started on May 11, with the attackers exploiting the vulnerability at 16 companies. Research from the cybersecurity firm Forescout challenged the attribution of these attacks to Sandworm, suggesting instead two separate waves: one exploiting CVE-2023-28771 and another using Mirai botnet variants on already infected hosts as an access point.

To gain access to victims' networks, threat actors exploited several Remote Command Execution (RCE) vulnerabilities in Zyxel firewalls, including CVE-2023-28771, which the vendor patched in April 2023. These intrusions underline the importance of timely patching and maintaining up-to-date security systems. Although a patch was available, the continued exploitation of this vulnerability indicates a lag in its application across many organizations, leaving them exposed to substantial risk.
Description last updated: 2024-05-04T17:55:38.189Z
Miscellaneous Associations

Other elements of context that could aid in the identification of relevance: Vulnerability, Zyxel, Exploit, DDoS, Botnet, FortiGuard
Associated Malware
| Alias | Description | Association Type | Votes |
|---|---|---|---|
| Mirai | The Mirai malware is associated with CVE-2023-28771. Mirai is a type of malware that primarily targets Internet of Things (IoT) devices, converting them into a botnet, which is then used to launch Distributed Denial of Service (DDoS) attacks. In early 2022, Mirai botnets accounted for over seven million detections worldwide, though there was a 9% quar | Unspecified | 2 |
Source Document References
Information about the CVE-2023-28771 vulnerability was read from the documents in the corpus below. This display is limited to 20 results.

| Source | Created At |
|---|---|
| CERT-EU | a year ago |
| CISA | 5 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| Securityaffairs | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| InfoSecurity-magazine | a year ago |
| DARKReading | a year ago |
| CERT-EU | a year ago |
| Securityaffairs | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |