CVE-2023-30799

MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*
cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*

History

28 Jul 2023, 13:47

Type Values Removed Values Added
CPE cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*
cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*
References (MISC) https://vulncheck.com/advisories/mikrotik-foisted - (MISC) https://vulncheck.com/advisories/mikrotik-foisted - Third Party Advisory
References (MISC) https://github.com/MarginResearch/FOISted - (MISC) https://github.com/MarginResearch/FOISted - Third Party Advisory
CWE NVD-CWE-noinfo
First Time Mikrotik
Mikrotik routeros
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.2

19 Jul 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-19 15:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-30799

Mitre link : CVE-2023-30799

CVE.ORG link : CVE-2023-30799


JSON object : View

Products Affected

mikrotik

  • routeros
CWE
NVD-CWE-noinfo CWE-269

Improper Privilege Management