CVE-2023-30799: MikroTik RouterOS Administrator Privilege Escalation | VulnCheck Advisories

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

MikroTik RouterOS Administrator Privilege Escalation

Severity: critical

Date: July 19, 2023

Affecting:

  • MikroTik RouterOS stable through 6.49.6

  • MikroTik RouterOS long-term through 6.48.7

CVE: CVE-2023-30799

CVE type: Improper Privilege Management

CVSS: 9.1

CVSS V3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

References

  • Exploit

Related news

Critical MikroTik RouterOS Vulnerability Exposes Over Half a Million Devices to Hacking

A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively,
