Vulnerabilities in UDP Implementations Lead to Denial of Service and Resource Abuse
CVE-2024-2169

Currently unrated

Key Information:

Vendor: Mikrotik

CVE Published: 19 March 2024

Badges

👾 Exploit Exists
📰 News Worthy

What is CVE-2024-2169?

Implementations of UDP-based application protocols are vulnerable to network loops. An unauthenticated attacker can send maliciously crafted packets to a vulnerable implementation, which can lead to Denial of Service (DoS) and/or abuse of resources.

Affected Version(s)

dproxy-nexgen 0.1 <= 0.5

RouterOS-TFTP * <= 7.13.2

WDS *

News Articles

New ‘Loop DoS’ attack may impact up to 300,000 online systems

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by Beeping Computers

  • Vulnerability published

  • Vulnerability Reserved

Credit

Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany.