CVE-2024-45163

CRITICAL

Mirai Botnet through 2024-08-19 - Unauthenticated Denial of Service via TCP Connection Exhaustion

Title source: llm

Description

The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data.

References (4)

Core 4

Core References

Various Sources

https://cypressthatkid.medium.com/remote-dos-exploit-found-in-mirai-botnet-source-code-27a1aad284f1

Various Sources

https://pastebin.com/6tqHnCva

Various Sources

https://youtu.be/aJkvSr85ML8

https://flowtriq.com/blog/cve-2024-45163-mirai-botnet-kill-switch

Scores

CVSS v3 9.1

EPSS 0.0077

EPSS Percentile 50.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Published Aug 22, 2024

Tracked Since Feb 18, 2026