CVE-2023-25096 — HIGH (7.2)

Vulnerability Description

Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.

CVSS Score

7.2

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Milesight	Ur32L Firmware	32.3.0.5
Milesight	Ur32L	-

Related Weaknesses (CWE)

CWE-121 CWE-787

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716ExploitThird Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1716ExploitThird Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1716

FAQ

What is CVE-2023-25096?

CVE-2023-25096 is a vulnerability with a CVSS score of 7.2 (HIGH). Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary...

How severe is CVE-2023-25096?

CVE-2023-25096 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-25096?

Check the references section above for vendor advisories and patch information. Affected products include: Milesight Ur32L Firmware, Milesight Ur32L.