Memory corruption in MikroTik RouterOS - #VU10752
Published: February 27, 2018
Vulnerability identifier: #VU10752
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: MikroTik
Affected software:
MikroTik RouterOS
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error within the IKE1 implementation when handling IPv6 packets. A remote attacker can send a series of specially crafted packets and trigger memory corruption.
Successful exploitation of the vulnerability may result in a denial of service (DoS) condition.
Remediation
Update your firmware to version 6.40.6 or 6.41.