Loop Dos CVE-2024-2169 Mikrotik

za7 · March 21, 2024, 4:30pm

Loop DoS: New Denial-of-Service Attack targets Application-Layer Protocols
https://www.bleepingcomputer.com/news/security/new-loop-dos-attack-may-impact-up-to-300-000-online-systems/
https://cispa.de/en/loop-dos
https://kb.cert.org/vuls/id/417980

Notified: 2024-01-17 Updated: 2024-03-19
Statement Date: January 17, 2024
CVE-2009-3563 Unknown
CVE-2024-1309 Unknown
CVE-2024-2169 Affected
Vendor Statement
Our TFTP service is affected, we have resolved the issue in 7.14beta6 version. Stable versions after 7.13.2 will include a patch for this issue.

Larsa · March 21, 2024, 6:11pm

Just a friendly reminder: Never ever expose TFTP or similar services directly to the internet. Doing so poses serious security risks, otherwise you don’t have to worry about CVE-2024-2169.

R1CH · March 22, 2024, 3:44pm

Calling this “new” in 2024… everything old is eventually rediscovered and called new I guess . This has been known about since the dawn of the internet. You should not be exposing such services to untrusted networks.

mada3k · March 22, 2024, 5:18pm

Almost all UDP services can be exploited. Never leave them open to the wild.