MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.

Advisories
Source ID Title
EUVD EUVD EUVD-2023-35159 MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 24 Oct 2024 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2024-10-24T18:50:44.384Z

Reserved: 2023-04-18T10:31:45.962Z

Link: CVE-2023-30799

cve-icon Vulnrichment

Updated: 2024-08-02T14:37:15.268Z

cve-icon NVD

Status : Modified

Published: 2023-07-19T15:15:10.477

Modified: 2024-11-21T08:00:55.520

Link: CVE-2023-30799

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.