CVE-2024-45163

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-45163
The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

9.1 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1
https://pastebin.com/6tqHnCva
https://youtu.be/aJkvSr85ML8
Configurations

No configuration.

History

22 Aug 2024, 15:35

Type Values Removed Values Added
CWE CWE-400
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.1

22 Aug 2024, 12:48

Type Values Removed Values Added
Summary
  • (es) Mirai botnet hasta el 19 de agosto de 2024 maneja mal las conexiones TCP simultáneas al servidor CNC (comando y control). Las sesiones no autenticadas permanecen abiertas, lo que provoca un consumo de recursos. Por ejemplo, un atacante puede enviar un nombre de usuario reconocido (como root) o puede enviar datos arbitrarios.

22 Aug 2024, 04:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-22 04:15

Updated : 2024-08-22 15:35

NVD link : CVE-2024-45163

Mitre link : CVE-2024-45163

CVE.ORG link : CVE-2024-45163

JSON object : View

Products Affected

No product.

CWE
CWE-400

Uncontrolled Resource Consumption


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024