Zyxel security advisory for the Bleichenbacher’s attack vulnerability of ZyWALL/USG devices
CVE: CVE-2018-9129
Summary
ZyWALL/USG devices are vulnerable to Bleichenbacher’s attacks on their IKEv1 implementation. Users are advised to upgrade to the latest available firmware for optimal protection.
What’s the vulnerability?
ZyWALL/USG devices have a security vulnerability in the Internet Key Exchange (IKE) handshake implementation used for their IPsec-based VPN connections. Attackers might be able to use this vulnerability to retrieve IKEv1 session keys and decrypt connections by using a chosen-ciphertext attack called Bleichenbacher's attack.
What products are vulnerable?
ZyWALL/USG series products
What should you do?
We strongly recommend that users of vulnerable products download the latest firmware for optimal network protection.
| Product series | Firmware patch |
|---|---|
| USG 20(W)-VPN/40(W)/60(W)/110/210/2200-VPN | ZLD4.32 available on https://portal.myzyxel.com/* |
| ZyWALL 110 | ZLD4.32 available on https://portal.myzyxel.com/* |
| USG 310/1100/1900 | Provided on demand. Contact your local support. |
| ZyWALL 310/1100 | Provided on demand. Contact your local support. |
| ZyWALL VPN 50/100/300 | ZLD4.31 patch 2 available on https://portal.myzyxel.com/* |
*Upon log-in, click “device management” and “firmware download” on the left-side menu and select your model from the dropdown menu.
Got a question or a tipoff?
Please contact your local service rep for further information or assistance. If you’ve found a vulnerability, we want to work with you to fix it—contact security@zyxel.com.tw and we’ll get right back to you.
Acknowledgment
Thanks to Dennis Felsch and Martin Grothe at Ruhr-University Bochum, Germany, for reporting this vulnerability to us.
Revision history
Initial release 2018-08-13