CVE-2023-22371

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Jul 6, 2023

Updated: Jul 13, 2023

CWE ID 78

CWE ID 77

Summary

CVE-2023-22371 is a new vulnerability affecting Milesight VPN v2.0.2. This issue involves an os command injection flaw in the liburvpn.so create_private_key functionality. Maliciously crafted network requests can exploit this vulnerability, enabling an attacker to execute commands on the targeted system, potentially leading to significant security risks. The vulnerability can be triggered by an attacker sending a malicious packet to the affected VPN server. Users are strongly advised to install the latest security patches to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Milesight

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/r5dTW3
https://www.cve.org/CVERecord?id=CVE-2023-22371
https://nvd.nist.gov/vuln/detail/CVE-2023-22371

Back to Vulnerability Database

CVE-2023-22371

CVSS 3.1 Score 8.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations