CVE-2024-45163

Published: Aug 22, 2024Modified: Mar 18, 2026

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

Related CWEs

CWE-400

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (4)

https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1

Source: cve@mitre.org

https://flowtriq.com/blog/cve-2024-45163-mirai-botnet-kill-switch

Source: cve@mitre.org

https://pastebin.com/6tqHnCva

Source: cve@mitre.org

https://youtu.be/aJkvSr85ML8

Source: cve@mitre.org

Timeline

No history available yet.