CVE-2023-22319

Summary

CVE-2023-22319 is a newly disclosed sql injection vulnerability affecting Milesight VPN v2.0.2. The LoginAuth functionality in requestHandlers.js is the susceptible component. A skilled attacker can exploit this weakness by crafting a malicious network packet, bypassing authentication, and potentially gaining unauthorized access to the system. This issue poses a significant risk and requires immediate attention from Milesight for a patch release. Users are advised to implement protective measures, such as firewalls and intrusion detection systems, until a remediation is available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.