Vulnerabilities in UDP Implementations Lead to Denial of Service and Resource Abuse
CVE-2024-2169

Currently unrated

Key Information:

Vendor: Mikrotik
Status: Routeros-tftp; Wds; Dproxy-nexgen
Vendor: CVE Published:; 19 March 2024

Badges

👾 Exploit Exists📰 News Worthy

What is CVE-2024-2169?

Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.

Affected Version(s)

dproxy-nexgen 0.1 <= 0.5

RouterOS-TFTP * <= 7.13.2

WDS *

News Articles

Beeping Computers

CVE-2024-2169

New ‘Loop DoS’ attack may impact up to 300,000 online systems

A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic.

References

https://kb.cert.org/vuls/id/417980

https://www.kb.cert.org/vuls/id/417980

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Mar 24, 2024
📰
First article discovered by Beeping Computers
Mar 20, 2024
Vulnerability published
Mar 19, 2024
Vulnerability Reserved
Mar 4, 2024

Credit

Thanks to the reporters Yepeng Pan and Christian Rossow from the CISPA Helmholtz Center for Information Security, Germany.

Mikrotik