PT-2023-2059 · Mikrotik · Mikrotik Routeros

Publicado

2023-01-12

Atualizado

2025-02-19

CVE-2023-24094

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions MikroTik RouterOS version 6.40.5

Description The issue in the bridge2 component of MikroTik RouterOS is related to errors in resource release, which can be exploited by attackers to cause a Denial of Service (DoS) via crafted packets. This can be achieved by a remote attacker sending specially formed packets.

Recommendations For MikroTik RouterOS version 6.40.5, consider disabling the bridge2 component as a temporary workaround until a patch is available. Restrict access to the bridge interface to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Improper Resource Release

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-404CWE-787

Identificadores relacionados

BDU:2023-01782

CVE-2023-24094

Produtos afetados

Mikrotik Routeros

PT-2023-2059 · Mikrotik · Mikrotik Routeros

CVE-2023-24094

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 9