CVE-2023-25096

Summary

CVE-2023-25096 is a vulnerability that affects the Milesight UR32L v32.3.0.5. It is caused by multiple buffer overflow vulnerabilities in the vtysh_ubus binary due to the use of an unsafe sprintf pattern. This can lead to arbitrary code execution when a specially crafted HTTP request is sent by an attacker with high privileges. The vulnerability occurs in the set_qos function with the rule_name variable, which has two possible format strings. The base severity of this vulnerability is rated as HIGH, with a base score of 7.2 out of 10. Remediation for this vulnerability would require patching or updating the affected product to a version that addresses the buffer overflow issues, as well as implementing proper input validation and sanitization measures to prevent similar vulnerabilities in the future. This vulnerability poses a significant danger to organizations using Milesight UR32L v32.3.0.5, as it allows attackers to execute arbitrary code and potentially gain control over affected systems, leading to potential data breaches, system compromise, and disruption of operations.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.