itman
Posted July 26 (edited)

Quote:

Up to 900,00 MikroTik routers — a popular target for threat actors including nation-state groups — may be open to attack via a privilege escalation vulnerability in the RouterOS operating system.

The vulnerability (CVE-2023-30788) gives attackers a way to take complete control of affected MIPS-processor-based MikroTik devices and pivot into an organization's network, according to researchers from VulnCheck, which just published several new exploits for the flaw. Attackers can also use it to enable man-in-the-middle attacks on network traffic flowing through the router, they warned. Versions of MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to the issue.

"The worst-case scenario is that an attacker can install and execute arbitrary tools on the underlying Linux operating system," says Jacob Baines, leader researcher at VulnCheck. "Remote and authenticated attackers can use the vulnerability to get a root shell on the router," by escalating admin-level privileges to that of a super-administrator.

MikroTik has released a fix for impacted RouterOS versions, and admins should apply it quickly.

https://www.darkreading.com/vulnerabilities-threats/up-to-900k-mikrotik-routers-vulnerable-total-takeover
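The version ranges given in the quoted article can be turned into an inventory check. The following is an added example, not part of the original post or of any MikroTik or VulnCheck tooling; it assumes version strings in the form shown by `/system resource print` (for example `6.48.6 (long-term)`), uses a constructed inventory, and looks only at version and channel, not CPU architecture.

```python
import re

# Boundaries exactly as stated in the quoted article.
STABLE_FIXED = (6, 49, 7)         # stable: vulnerable before this release
LONGTERM_LAST_VULN = (6, 48, 6)   # long-term: vulnerable through this release

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?\s*(?:\(([\w-]+)\))?\s*$")


def classify(version_field):
    """Return 'vulnerable', 'not-in-range' or 'unknown' for a RouterOS
    version string such as '6.48.6 (long-term)'."""
    m = _VERSION_RE.match(version_field)
    if not m:
        return "unknown"  # beta/rc builds or malformed input: check by hand
    major, minor, patch, channel = m.groups()
    ver = (int(major), int(minor), int(patch or 0))
    channel = (channel or "").lower()
    if channel == "stable":
        return "vulnerable" if ver < STABLE_FIXED else "not-in-range"
    if channel == "long-term":
        return "vulnerable" if ver <= LONGTERM_LAST_VULN else "not-in-range"
    if channel == "":
        # No channel recorded: decide only where both stated ranges agree.
        if ver <= LONGTERM_LAST_VULN:
            return "vulnerable"
        if ver >= STABLE_FIXED:
            return "not-in-range"
    return "unknown"


def audit(inventory):
    """Map each host name to its classification."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory (hypothetical host names).
INVENTORY = {
    "edge-rtr-01": "6.49.6 (stable)",
    "edge-rtr-02": "6.49.7 (stable)",
    "branch-rtr-01": "6.48.6 (long-term)",
    "lab-rtr-01": "6.49",
}

if __name__ == "__main__":
    for host, verdict in audit(INVENTORY).items():
        print(f"{host}: {verdict}")
```

An `unknown` result means the article's statement does not decide the case, so the device needs a manual check against the vendor advisory.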

Nightowl
Posted July 27

4 years ago I had a client with Mikrotik, one of the worst experiences I had with a router/firewall.

karlisi
Posted July 27 (edited)

Most of our network is based on Mikrotik products. No worse or better than other systems. As for this vulnerability, it's exploitable only if a malicious person has administrative access to the device, so this is the main problem. Here is what Mikrotik says about it: https://blog.mikrotik.com/security/cve-2023-30799.html

Nightowl
Posted July 27 (edited)

29 minutes ago, karlisi said:

Most of our network is based on Mikrotik products. No worse or better than other systems. As for this vulnerability, it's exploitable only if a malicious person has administrative access to the device, so this is the main problem. Here is what Mikrotik says about it: https://blog.mikrotik.com/security/cve-2023-30799.html

Indeed, it's just my opinion, many will disagree with me, and true, vulnerabilities happen to all, but I just found other brands easier to work with.

itman (Author)
Posted July 27

Here are the full technical details on the vulnerability: https://margin.re/2022/06/pulling-mikrotik-into-the-limelight/

The issue is that privilege escalation can occur from admin level to "God mode" level.