CVE-2022-45853

Severity Score

6.7

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version

V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with administrator privileges to execute some system commands as 'root' on a vulnerable device via SSH.

*Credits: N/A

CVSS Scores

NISTv3.1 6.7

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-23 CVE Reserved
2023-05-30 CVE Published
2023-06-06 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-269: Improper Privilege Management

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-privilege-escalation-vulnerability-in-gs1900-series-switches	2023-06-06

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Zyxel Search vendor "Zyxel"	Gs1900-8 Firmware Search vendor "Zyxel" for product "Gs1900-8 Firmware"	2.70\(aahh.3\) Search vendor "Zyxel" for product "Gs1900-8 Firmware" and version "2.70\(aahh.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-8 Search vendor "Zyxel" for product "Gs1900-8"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-8hp Firmware Search vendor "Zyxel" for product "Gs1900-8hp Firmware"	2.70\(aahi.3\) Search vendor "Zyxel" for product "Gs1900-8hp Firmware" and version "2.70\(aahi.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-8hp Search vendor "Zyxel" for product "Gs1900-8hp"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-10hp Firmware Search vendor "Zyxel" for product "Gs1900-10hp Firmware"	2.70\(aazi.3\) Search vendor "Zyxel" for product "Gs1900-10hp Firmware" and version "2.70\(aazi.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-10hp Search vendor "Zyxel" for product "Gs1900-10hp"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-16 Firmware Search vendor "Zyxel" for product "Gs1900-16 Firmware"	2.70\(aahj.3\) Search vendor "Zyxel" for product "Gs1900-16 Firmware" and version "2.70\(aahj.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-16 Search vendor "Zyxel" for product "Gs1900-16"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24 Firmware Search vendor "Zyxel" for product "Gs1900-24 Firmware"	2.70\(aahl.3\) Search vendor "Zyxel" for product "Gs1900-24 Firmware" and version "2.70\(aahl.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24 Search vendor "Zyxel" for product "Gs1900-24"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24e Firmware Search vendor "Zyxel" for product "Gs1900-24e Firmware"	2.70\(aahk.3\) Search vendor "Zyxel" for product "Gs1900-24e Firmware" and version "2.70\(aahk.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24e Search vendor "Zyxel" for product "Gs1900-24e"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24ep Firmware Search vendor "Zyxel" for product "Gs1900-24ep Firmware"	2.70\(abto.3\) Search vendor "Zyxel" for product "Gs1900-24ep Firmware" and version "2.70\(abto.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24ep Search vendor "Zyxel" for product "Gs1900-24ep"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-24hpv2 Firmware Search vendor "Zyxel" for product "Gs1900-24hpv2 Firmware"	2.70\(abtp.3\) Search vendor "Zyxel" for product "Gs1900-24hpv2 Firmware" and version "2.70\(abtp.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-24hpv2 Search vendor "Zyxel" for product "Gs1900-24hpv2"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-48 Firmware Search vendor "Zyxel" for product "Gs1900-48 Firmware"	2.70\(aahn.3\) Search vendor "Zyxel" for product "Gs1900-48 Firmware" and version "2.70\(aahn.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-48 Search vendor "Zyxel" for product "Gs1900-48"	-	-	Safe
Zyxel Search vendor "Zyxel"	Gs1900-48hpv2 Firmware Search vendor "Zyxel" for product "Gs1900-48hpv2 Firmware"	2.70\(abtq.3\) Search vendor "Zyxel" for product "Gs1900-48hpv2 Firmware" and version "2.70\(abtq.3\)"	-	Affected	in	Zyxel Search vendor "Zyxel"	Gs1900-48hpv2 Search vendor "Zyxel" for product "Gs1900-48hpv2"	-	-	Safe