Incorrect permission assignment for critical resource in MikroTik RouterOS

#VU22426 Incorrect permission assignment for critical resource in MikroTik RouterOS

Published: 2021-06-17

Vulnerability identifier: #VU22426

Vulnerability risk: Medium

CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2019-3978

CWE-ID: CWE-732

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
MikroTik RouterOS
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor: MikroTik

Description

The vulnerability allows a remote attacker to perform DNS cache poisoning attacks.

The vulnerability exists due to RouterOS allows a remote attacker to initiate DNS queries via port 8291/TCP. A remote attacker can force the router to send DNS requests to an attacker-contorted server and poison router's DNS cache.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

MikroTik RouterOS: 6.45.1 - 6.45.6, 6.44.1 - 6.44.5

External links
http://mikrotik.com/download/changelogs#6.45.7
http://www.tenable.com/security/research/tra-2019-46

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Mokrotik RouterOS