CVE-2023-22319

7.3 HIGH

📋 TL;DR

This SQL injection vulnerability in Milesight VPN v2.0.2 allows attackers to bypass authentication by sending specially crafted network requests to the LoginAuth functionality. Attackers can gain unauthorized access to VPN systems without valid credentials. Organizations using Milesight VPN v2.0.2 are affected.

💻 Affected Systems

Products:
  • Milesight VPN
Versions: v2.0.2
Operating Systems: All platforms running Milesight VPN
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of Milesight VPN v2.0.2 are vulnerable regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete VPN compromise allowing attackers to intercept all VPN traffic, access internal networks, and potentially pivot to other systems.

🟠 Likely Case: Unauthorized VPN access leading to data exfiltration, lateral movement within the network, and credential harvesting.

🟢 If Mitigated: Limited impact with proper network segmentation, monitoring, and authentication controls in place.

🌐 Internet-Facing: HIGH - VPN endpoints are typically internet-facing and directly accessible to attackers.
🏢 Internal Only: MEDIUM - If VPN is only accessible internally, risk is reduced but still significant for insider threats.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection in authentication endpoint requires minimal technical skill to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2.0.3 or later

Vendor Advisory: https://www.milesight.com/security-advisory/

Restart Required: Yes

Instructions:

1. Download latest version from Milesight vendor portal.
2. Backup current configuration.
3. Stop VPN service.
4. Install updated version.
5. Restart VPN service.
6. Verify functionality.

🔧 Temporary Workarounds

Network Access Control (Linux)

Restrict access to VPN endpoints using firewall rules or network segmentation.

iptables -A INPUT -p tcp --dport [VPN_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [VPN_PORT] -j DROP

Web Application Firewall (all platforms)

Deploy WAF with SQL injection protection rules in front of VPN endpoint.

🧯 If You Can't Patch

  • Implement multi-factor authentication for VPN access
  • Monitor VPN authentication logs for suspicious activity and failed login attempts

🔍 How to Verify

Check if Vulnerable:

Check Milesight VPN version via web interface or configuration files for v2.0.2.

Check Version:

grep -i version /opt/milesight/vpn/config/*.conf 2>/dev/null || echo 'Check web interface'

Verify Fix Applied:

Verify version is updated to v2.0.3 or later and test authentication with SQL injection payloads.

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL syntax in authentication logs
  • Successful logins from unexpected IPs
  • Multiple failed login attempts with SQL payloads

Network Indicators:

  • SQL keywords in authentication requests
  • Unusual authentication request patterns
  • Traffic to VPN endpoint with SQL injection patterns

SIEM Query:

source="vpn_logs" AND ("SELECT" OR "UNION" OR "' OR '1'='1") AND event_type="authentication"
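
The log indicators above as a triage pass over authentication logs, added here as an example; it is not code from Milesight or from the original page. The key=value log layout, the field names (src, event_type, user, result) and the sample lines are constructed assumptions, so adapt the parser to the real log format.

```python
import re
from collections import defaultdict

# Assumed log layout (constructed, not Milesight's own): key=value pairs,
# with the user value in double quotes so embedded spaces survive.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Indicators taken from the SIEM query: SELECT, UNION, and the ' OR ' tautology.
SQLI = re.compile(r"\b(?:select|union)\b|'\s*or\s*'", re.I)

def parse(line):
    """Split one log line into a dict of its key=value fields."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}

def triage(lines, fail_threshold=3):
    """Return (accepted, noisy): logins accepted with SQL syntax in the user
    field, and sources with >= fail_threshold failed SQL-bearing attempts."""
    accepted, fails = [], defaultdict(int)
    for line in lines:
        ev = parse(line)
        if ev.get("event_type") != "authentication":
            continue  # SQL words in non-auth events are out of scope here
        if not SQLI.search(ev.get("user", "")):
            continue  # ordinary names, including o'brien, do not match
        if ev.get("result") == "success":
            accepted.append((ev.get("src"), ev["user"]))  # highest priority
        else:
            fails[ev.get("src")] += 1
    noisy = sorted(ip for ip, n in fails.items() if n >= fail_threshold)
    return accepted, noisy

# Constructed sample lines using documentation-range IP addresses.
SAMPLE = """
2023-07-10T08:15:02Z src=198.51.100.7 event_type=authentication user="alice" result=success
2023-07-10T08:15:09Z src=203.0.113.5 event_type=authentication user="x' UNION SELECT 1" result=failure
2023-07-10T08:15:11Z src=203.0.113.5 event_type=authentication user="' OR '1'='2" result=failure
2023-07-10T08:15:12Z src=203.0.113.5 event_type=authentication user="x' union select 2" result=failure
2023-07-10T08:15:14Z src=203.0.113.5 event_type=authentication user="' OR '1'='1" result=success
2023-07-10T08:16:30Z src=198.51.100.9 event_type=authentication user="o'brien" result=failure
2023-07-10T08:17:00Z src=203.0.113.5 event_type=config user="select" result=success
""".strip().splitlines()

if __name__ == "__main__":
    accepted, noisy = triage(SAMPLE)
    for src, user in accepted:
        print(f"ALERT accepted login with SQL syntax: src={src} user={user!r}")
    for src in noisy:
        print(f"WARN repeated SQL-bearing failures from {src}")
```

An accepted login whose user field carries SQL syntax is the entry to investigate first, since it means the injected input passed authentication.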
