According to The Register, the Taiwanese company Zyxel warned users that the incorrect signature updating conducted on the night of the 25th to January 26 caused critical errors in the work of USG Flex firewalls and ATP Series, including the departure of the device into an endless reboot cycle .
«We discovered a problem that affects some devices that can cause rebooting cycles, malfunctions of the Zysh demon or problems with access to the entrance, ”said Zyxel. – The system LED can also blink. We pay attention – this is not related to CVE or the security problem. ” ZYXEL claims that the problem has only touched the USG FLEX and ATP Series firewalls (ZLD firmware versions) with active security licenses. Nebula platform devices or the USG Flex H (UOS) series were not injured.
«The problem occurs due to the update of the Application Signature Update, and not the firmware update. To solve this problem, we turned off the signatures on our servers, preventing further impact on the firewalls that did not upload new versions of the signature, ”said Zyxel.
Image source: ZYXEL
In addition to leaving the rebooting cycle, some users after the update are faced with problems such as the inability to enter the commands in the console, the unusually high CPU load and the receipt of reports that “the Zysh demon is busy”, about the formation of a dump memory (Core DUMP), etc. .
ZYXEL said that there are no options for correcting the problem in remote mode. To do this, you need to have physical access to the firewall and connect to the console port. ZYXEL described in detail in a separate guide steps to restore in this way, including the creation of a backup before installing a new firmware. The company warned that those who work in the Device-Ha mode should directly contact the ZYXEL support service for individual assistance.