CVE-2022-34960
Critical · Public PoC
Published: 25 August 2022
Modified: 21 November 2024
KEV Added: —
Patch: —
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0054 (67.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)
Summary
CVE-2022-34960 is a critical-severity Link Following (CWE-59) vulnerability in MikroTik RouterOS. Its CVSS base score is 9.8 (Critical).
Operationally, it is ranked in the top 32.1% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-37862
Vulnerability details
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host.
- CWE(s): CWE-59 (Link Following)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Vendor: mikrotik; Product: routeros; Version: 7.4
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.