Headline

CVE-2023-30799: MikroTik RouterOS Administrator Privilege Escalation | VulnCheck Advisories

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

1 year ago

CVE

Open in Source

#vulnerability #auth

ProductsResourcesCommunityCompany

Go back

MikroTik RouterOS Administrator Privilege Escalation

severity

critical

date

July 19, 2023

Affecting

MikroTik RouterOS stable through 6.49.6
MikroTik RouterOS long-term through 6.48.7

CVE

CVE-2023-30799

CVE type

Improper Privilege Management

CVSS

9.1

CVSS V3 Vector

AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

Exploit

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively,

1 year ago

The Hacker News

Open in Source

#vulnerability #web #ddos #dos #botnet #auth #ssh #The Hacker News