Authentication Bypass Vulnerability in Milesight VPN by Milesight
CVE-2023-22844

7.3HIGH

Key Information:

Vendor: Milesight
Status: Milesightvpn
Vendor: CVE Published:; 6 July 2023

What is CVE-2023-22844?

An authentication bypass vulnerability has been identified in the verifyToken functionality within requestHandlers.js of Milesight VPN version 2.0.2. This flaw allows attackers to exploit specially-crafted network requests, enabling them to bypass authentication mechanisms. Successful exploitation could potentially grant unauthorized access to sensitive functionalities within the application, making it critical for users to apply patches and monitor their security configurations closely.

Affected Version(s)

MilesightVPN v2.0.2

References

https://talosintelligence.com/vulnerability_reports/TALOS...

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 6, 2023
Vulnerability Reserved
Jan 20, 2023

Credit

Discovered by Francesco Benvenuto of Cisco Talos.

CVE-2023-22844 Data

JSON