Resource exhaustion in MikroTik RouterOS

#VU13336 Resource exhaustion in MikroTik RouterOS

Published: 2020-03-18

Vulnerability identifier: #VU13336

Vulnerability risk: Low

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-7285

CWE-ID: CWE-400

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
MikroTik RouterOS
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: MikroTik

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in the network stack due to an error when processing malicious input. A remote attacker can submit a flood of TCP RST packets, exhaust all available CPU and prevent the affected router from accepting new TCP connections.

Mitigation
Install update from vendor's website.

Vulnerable software versions

MikroTik RouterOS: 6.38.5

External links
http://cxsecurity.com/issue/WLB-2017030242

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Denial of service in MikroTik RouterBoard