4 matches found
MikroTik RouterOS Link Following (CVE-2022-34960)
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. This plugin only works with Tenable.ot. Please...
MikroTik RouterOS Privilege Escalation Vulnerability (CVE-2022-34960)
MikroTik RouterOS is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2022-34960
creationtimestamp| type| source ---|---|--- 2022-08-25 07:23:13+00:00| seen| https://t.me/cibsecurity/48694 2022-10-01 13:41:12+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6894...
CVE-2022-34960
CVE-2022-34960 affects MikroTik RouterOS 7.4beta4 via the container package. An attacker can create mount points to symbolic links that resolve to host locations, allowing mounting of arbitrary files to the host. Impact: high confidentialitiy, integrity, and availability as per CVSS 3.1 (9.8). Ex...