CVE-2023-35140

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Nov 7, 2023
Updated: Nov 14, 2023
CWE ID 269

Summary

CVE-2023-35140 is a privilege escalation vulnerability affecting the Zyxel GS1900-24EP switch in firmware version V2.70(ABTO.5). This issue enables authenticated local users with read-only access to modify system settings on a vulnerable device, despite having insufficient privileges for such actions. The implications of this vulnerability include potential misconfigurations and unauthorized modifications to the device's settings. To mitigate the risk, it is recommended that users update their switch firmware to the latest version as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share