Denial of Service Vulnerability in MikroTik RouterOS Bridge2 Component
CVE-2023-24094

7.5HIGH

Key Information:

Vendor: Mikrotik
Status: Routeros
Vendor: CVE Published:; 27 March 2023

What is CVE-2023-24094?

The bridge2 component of MikroTik RouterOS version 6.40.5 is susceptible to a Denial of Service (DoS) attack due to improperly managed crafted packets. This vulnerability enables attackers to disrupt service by overwhelming the system, potentially preventing legitimate users from accessing essential network resources. Users of RouterOS are advised to review the available security measures to mitigate this issue and ensure their networks are protected.

References

http://mikrotik.com

http://routeros.com

https://github.com/ZYen12138/RouterOS/blob/main/CVE-2023-...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2023
Vulnerability Reserved
Jan 23, 2023

Mikrotik

What is CVE-2023-24094?

References

CVSS V3.1

Timeline