CVE-2023-25096

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jul 6, 2023
Updated: Aug 2, 2023
CWE ID 121
CWE ID 787

Summary

CVE-2023-25096 is a vulnerability that affects the Milesight UR32L v32.3.0.5. It is caused by multiple buffer overflow vulnerabilities in the vtysh_ubus binary due to the use of an unsafe sprintf pattern. This can lead to arbitrary code execution when a specially crafted HTTP request is sent by an attacker with high privileges. The vulnerability occurs in the set_qos function with the rule_name variable, which has two possible format strings. The base severity of this vulnerability is rated as HIGH, with a base score of 7.2 out of 10. Remediation for this vulnerability would require patching or updating the affected product to a version that addresses the buffer overflow issues, as well as implementing proper input validation and sanitization measures to prevent similar vulnerabilities in the future. This vulnerability poses a significant danger to organizations using Milesight UR32L v32.3.0.5, as it allows attackers to execute arbitrary code and potentially gain control over affected systems, leading to potential data breaches, system compromise, and disruption of operations.

Share

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-25096 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options