CVE-2023-30799: MikroTik RouterOS Administrator Privilege Escalation | VulnCheck Advisories
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
MikroTik RouterOS Administrator Privilege Escalation
Severity: critical
Date: July 19, 2023
Affecting:
- MikroTik RouterOS stable through 6.49.6
- MikroTik RouterOS long-term through 6.48.7
CVE: CVE-2023-30799
CVE type: Improper Privilege Management
CVSS: 9.1
CVSS V3 Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
References
- Exploit
Related news
A severe privilege escalation issue impacting MikroTik RouterOS could be weaponized by remote malicious actors to execute arbitrary code and seize full control of vulnerable devices. Cataloged as CVE-2023-30799 (CVSS score: 9.1), the shortcoming is expected to put approximately 500,000 and 900,000 RouterOS systems at risk of exploitation via their web and/or Winbox interfaces, respectively,