GreyNoise Observes Exploit Attempts Targeting Zyxel CVE-2023-28771

GreyNoise has identified active exploit attempts targeting a critical remote code execution vulnerability, tracked as CVE-2023-28771, affecting Zyxel devices. This vulnerability specifically impacts Internet Key Exchange (IKE) packet decoders operating over UDP port 500. Observed on June 16, these exploitation attempts indicate active threat activity seeking to compromise vulnerable infrastructure remotely. While no specific threat actor group or malware family has been attributed to these campaigns in the current reporting, the nature of the vulnerability allows for potential unauthorized code execution. Organizations utilizing Zyxel networking equipment should immediately verify their exposure on UDP port 500. Mitigation strategies involve applying vendor patches promptly and restricting unnecessary external access to IKE services. Continuous monitoring for suspicious traffic patterns on port 500 is recommended to detect potential compromise attempts. Security teams must prioritize this vulnerability due to the risk of remote system control.

‍On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.

GreyNoise has identified active exploit attempts targeting a critical remote code execution vulnerability, tracked as CVE-2023-28771, affecting Zyxel devices. This vulnerability specifically impacts Internet Key Exchange (IKE) packet decoders operating over UDP port 500. Observed on June 16, these exploitation attempts indicate active threat activity seeking to compromise vulnerable infrastructure remotely. While no specific threat actor group or malware family has been attributed to these campaigns in the current reporting, the nature of the vulnerability allows for potential unauthorized code execution. Organizations utilizing Zyxel networking equipment should immediately verify their exposure on UDP port 500. Mitigation strategies involve applying vendor patches promptly and restricting unnecessary external access to IKE services. Continuous monitoring for suspicious traffic patterns on port 500 is recommended to detect potential compromise attempts. Security teams must prioritize this vulnerability due to the risk of remote system control. ‍On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500. ‍On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500.