Lucene search

[email protected]NVD:CVE-2023-30799

HistoryJul 19, 2023 - 3:15 p.m.

CVE-2023-30799

2023-07-1915:15:10

CWE-269

[email protected]

web.nvd.nist.gov

mikrotik

routeros

privilege escalation

cve-2023-30799

winbox

http

admin

super-admin

remote attacker

authenticated attacker

arbitrary code

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.2%

JSON

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

Affected configurations

Nvd

Node

mikrotikrouterosRange≤6.48.7ltr

mikrotikrouterosRange6.34–6.49.7-

VendorProductVersionCPE
mikrotikrouteros*cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*
mikrotikrouteros*cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*

Vendor	Product	Version	CPE
mikrotik	routeros	*	cpe:2.3:o:mikrotik:routeros:::::ltr:::*
mikrotik	routeros	*	cpe:2.3:o:mikrotik:routeros:::::-:::*

References

github.com/MarginResearch/FOISted

vulncheck.com/advisories/mikrotik-foisted

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

44.2%

JSON

Related for NVD:CVE-2023-30799

prion1 thn1 openvas1 cvelist1 cve1 nessus1