Multiple vulnerabilities in Mikrotik RouterOS



Published: 2018-08-25
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE ID CVE-2018-1156
CVE-2018-1157
CVE-2018-1158
CVE-2018-1159
CWE ID CWE-121
CWE-399
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
MikroTik RouterOS
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor MikroTik

Security Advisory

1) Stack-based buffer overflow

Risk: Low

CVSSv3: 6.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1156

CWE-ID: CWE-121 - Stack-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the license upgrade interface. A remote authenticated attacker can send a specially crafted request to the affected device, trigger stack-based buffer overflow and execute arbitrary code on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MikroTik RouterOS: 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6

CPE External links

https://mikrotik.com/download/changelogs

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Denial of service

Risk: Medium

CVSSv3: 4.3 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1157

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing requests within the HTTP server. A remote authenticated attacker can send specially crafted requests to the affected device and crash the HTTP server or reload the router.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MikroTik RouterOS: 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6

CPE External links

https://mikrotik.com/download/changelogs

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

Risk: Low

CVSSv3: 2.4 [CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1158

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when parsing recursive JSON requests within the HTTP server. A remote authenticated attacker can send specially crafted requets to the affected device and crash the HTTP server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MikroTik RouterOS: 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6

CPE External links

https://mikrotik.com/download/changelogs

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

Risk: Low

CVSSv3: 3.8 [CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1159

CWE-ID: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the HTTP server. A remote authenticated attacker can crash the affected HTTP server by rapidly authenticating and disconnecting.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

MikroTik RouterOS: 6.40.1, 6.40.2, 6.40.3, 6.40.4, 6.40.5, 6.40.6, 6.40.7, 6.40.8, 6.41.1, 6.41.2, 6.41.3, 6.41.4, 6.42.1, 6.42.2, 6.42.3, 6.42.4, 6.42.5, 6.42.6

CPE External links

https://mikrotik.com/download/changelogs

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How the attacker can exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.