Multiple vulnerabilities in Mikrotik RouterOS
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 CVE-2014-8160 CVE-2019-13074 CVE-2018-10066 |
| CWE-ID | CWE-190 CWE-400 CWE-399 CWE-264 CWE-300 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
MikroTik RouterOS Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | MikroTik |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU18813
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11477
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to integer overflow when handling TCP Selective Acknowledgments (SACKs) due to incorrect processing of TCP_SKB_CB(skb)->tcp_gso_segs value in Linux kernel. A remote non-authenticated attacker can send specially crafted network traffic to the affected system, trigger integer overflow and render the system unavailable.
Successful exploitation of the vulnerability allows a remote attacker to perform denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
MikroTik RouterOS: 6.41 - 6.44.3
External linkshttp://mikrotik.com/download/changelogs/#6.45.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU18946
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11478
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to an error when processing TCP Selective Acknowledgment (SACK) sequences within the Linux kernel TCP retransmission queue implementation in tcp_fragment. A remote non-authenticated attacker can send specially crafted network traffic to the affected system and perform a denial of service (DoS) attack.
Mitigation
Install updates from vendor's website.
MikroTik RouterOS: 6.41 - 6.44.3
External linkshttp://mikrotik.com/download/changelogs/#6.45.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Resource exhaustion
EUVDB-ID: #VU18947
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-11479
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to presence of hard-coded MSS value (48 bytes) in the Linux kernel source code. A remote attacker can fragment TCP resend queues significantly more than if a larger MSS were enforced and perform denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
MikroTik RouterOS: 6.41 - 6.44.3
External linkshttp://mikrotik.com/download/changelogs/#6.45.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource management error
EUVDB-ID: #VU18950
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2014-8160
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel generates incorrect conntrack entries when handling certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols. A remote attacker can send packets with disallowed port numbers to the affected system and bypass iptables filtering rules.
MitigationInstall updates from vendor's website.
MikroTik RouterOS: 6.41 - 6.44.3
External linkshttp://mikrotik.com/download/changelogs/#6.45.1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18949
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-13074
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unspecified error. A remote attacker can bypass certain security restrictions.
Install updates from vendor's website.
Vulnerable software versionsMikroTik RouterOS: 6.41 - 6.44.3
External linkshttp://mikrotik.com/download/changelogs/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Man-in-the-Middle (MitM) attack
EUVDB-ID: #VU18951
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-10066
CWE-ID:
CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform man-in-the-middle (MitM) attack.
The vulnerability exists due to missing OpenVPN server certificate verification. A remote attacker can perform MitM attack and trick the affected device to connect to a malicious OpenVPN server.
Successful exploitation of this vulnerability may allow an attacker to gain unauthorized access to a local network, behind the Mikrotik router.
MitigationInstall updates from vendor's website.
Vulnerable software versionsMikroTik RouterOS: 6.41 - 6.44.3
External linkshttp://janis-streib.de/2018/04/11/mikrotik-openvpn-security
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
