Privilege escalation vulnerability CVE-2023-30799 in MikroTik routers, patch urgently

In case you haven't noticed: MikroTik RouterOS Stable before version 6.49.7 and the long-term version up to 6.48.6 contain the vulnerability CVE-2023-30799, which allows an attacker to escalate privileges. The attacker must already be authenticated, but can then remotely escalate privileges from admin to super-admin via the Winbox or HTTP interface. This in turn allows him to execute arbitrary code on the system. Details can be found on GitHub; MikroTik posted this warning. The issue is fixed in all RouterOS versions available on the MikroTik download page (v7.7 and v6.49.7 and newer). According to the colleagues at Bleeping Computer, 900,000 devices are potentially vulnerable.

