1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Zywall USG Security Bypass Activity

Attack: Zywall USG Security Bypass Activity

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects the attempt to bypass certain security restrictions and perform unauthorized actions ZyWALL USG series of products.

Additional Information

The ZyWALL USG series of products are universal security gateway (USG) appliances.

The products are prone to a security-bypass vulnerability. Specifically, the issue can be exploited by appending '/images/' in the URL.

Successful exploits may allow attackers to bypass security restrictions, and download or upload configuration files on the system.

Affected

  • ZyWALL USG-20, ZyWALL USG-20W, ZyWALL USG-50, ZyWALL USG-100, ZyWALL USG-200, ZyWALL USG-300, ZyWALL USG-1000, ZyWALL USG-1050, ZyWALL USG-2000

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube