CVE-2024-11667 Zyxel CVE debrief

Who should care

Security teams, firewall administrators, network operations, incident responders, and managed service providers responsible for Zyxel firewall deployments should prioritize this CVE.

Technical summary

The supplied source corpus identifies CVE-2024-11667 as a path traversal vulnerability in Zyxel multiple firewalls. The CISA KEV entry marks it as known exploited and notes known ransomware campaign use. The KEV guidance is defensive and operational: apply mitigations per vendor instructions, or discontinue use of the product if mitigations are unavailable.

Defensive priority

Urgent

Recommended defensive actions

• Identify all Zyxel firewall assets in scope, including managed customer environments.
• Check whether any deployed Zyxel firewall models are covered by the vendor's advisory referenced in CISA's KEV notes.
• Apply vendor mitigation guidance immediately and verify it is in place.
• If no effective mitigation is available, follow CISA guidance to discontinue use of the product.
• Prioritize log review, alerting, and incident response readiness around exposed firewall management and internet-facing interfaces.
• Track remediation against the CISA KEV due date of 2024-12-24 and document completion.

Evidence notes

CISA added CVE-2024-11667 to the Known Exploited Vulnerabilities catalog on 2024-12-03 and marked it as known ransomware campaign use. The supplied metadata lists the vulnerability as a path traversal issue affecting Zyxel multiple firewalls. The corpus does not provide a CVSS score. KEV notes reference a Zyxel security advisory dated 2024-11-21 and the NVD CVE record.

Official resources