CVE-2023-22365: OS Command Injection
First published: Thu Jul 06 2023(Updated: )
An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.
Credit: talos-cna@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Milesight Ur32l Firmware | =32.3.0.5 | |
| Milesight UR32L |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this OS command injection vulnerability?
The vulnerability ID for this OS command injection vulnerability is CVE-2023-22365.
What is the affected software?
The affected software is Milesight UR32L v32.3.0.5 firmware.
How does the vulnerability occur?
The vulnerability occurs in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is high, with a CVSS score of 7.2.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by sending a specially crafted set of network packets, which can lead to command execution.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/type
- agent/event
- agent/description
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/milesight
- canonical/milesight ur32l firmware
- version/milesight ur32l firmware/32.3.0.5
- canonical/milesight ur32l