CVE-2023-22299
Published 2023-07-06
Priority P263 · high · 8.8 · CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 3.48% (87.6th percentile)
An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| milesight | ur32l | — | — |
| milesight | ur32l_firmware | — | — |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 8.8 · HIGH
GHSA
GHSA-c524-9cv5-wppq: An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32
ghsa_unreviewed·2023-07-06
CVE-2023-22299 [HIGH] CWE-78 GHSA-c524-9cv5-wppq: An OS command injection vulnerability exists in the vtysh_ubus _get_fw_logs functionality of Milesight UR32L v32
Red Hat
gstreamer: MXF demuxer use-after-free vulnerability
vendor_redhat·2023-11-13·CVSS 8.8
CVE-2023-44446 [HIGH] CWE-416 gstreamer: MXF demuxer use-after-free vulnerability
GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.
The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.
A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allo
No detection rules found.
No public exploits indexed.
Talos
The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter
blogs_talos·2023-08-02
- Since the discovery of the widespread VPNFilter malware in 2018, Cisco Talos researchers have been researching vulnerabilities in small and home office (SOHO) and industrial routers.
- During that research, Talos has worked with vendors to report and mitigate these vulnerabilities, totaling 141 advisories covering 289 CVEs across multiple routers.
- Talos is highlighting some of the major issues our researchers discovered over the past several years, including vulnerabilities that an attacker could mostly directly access or those an adversary could chain together to gain elevated access to the devices.
- There are several Snort rules that can detect possible exploitation of the vulnerabilities included in this post.
Small office/home office (SOHO) routers and small-scale industrial rout
Talos
Taking over Milesight UR32L routers behind a VPN: 22 vulnerabilities and a full chain
blogs_talos·2023-07-06
- Cisco Talos discovered 17 vulnerabilities (63 CVEs) in the Milesight UR32L router and five vulnerabilities (six CVEs) in the Milesight MilesightVPN remote access solution software.
- An attacker could exploit the vulnerabilities discovered to completely compromise the UR32L and MilesightVPN.
- This post presents an attack scenario in which the UR32L is only reachable through the MilesightVPN remote access solution. The blog explains how an attacker could exploit the MilesightVPN and then fully compromise the UR32L.
Update: Milesight informed us on Aug. 4, 2023 that they have released firmware version 32.3.0.7 to address these issues. Talos has confirmed that the issues no longer reproduce on this firmware.
Cisco Talos recently discovered several vulnerabilities in Milesight's UR32L – a
Published: 2023-07-06