CVE-2023-25101

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Jul 6, 2023
Updated: Aug 2, 2023
CWE ID 121
CWE ID 787

Summary

CVE-2023-25101 is a serious buffer overflow vulnerability affecting the vtysh_ubus binary of Milesight UR32L v32.3.0.5. The issue arises due to the use of an unsafe sprintf pattern, which can be exploited through a specially crafted HTTP request. An attacker with high privileges can send these requests to trigger the vulnerability. The buffer overflow occurs specifically in the set_dmvpn function, where the gre_key variable is being handled. This vulnerability can potentially lead to arbitrary code execution.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share