Lucene search

[email protected]CVE-2019-13955

HistoryJul 26, 2019 - 1:15 p.m.

CVE-2019-13955

2019-07-2613:15:00

CWE-674

[email protected]

web.nvd.nist.gov

336

mikrotik

routeros

cve-2019-13955

stack exhaustion

http

json

nvd

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.2%

JSON

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.

CPENameOperatorVersion
mikrotik:routerosmikrotik routeroslt6.44.5
mikrotik:routerosmikrotik routeroseq6.45

CPE	Name	Operator	Version
mikrotik:routeros	mikrotik routeros	lt	6.44.5
mikrotik:routeros	mikrotik routeros	eq	6.45

References

packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html

seclists.org/fulldisclosure/2019/Jul/20

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

33.2%

JSON

Related for CVE-2019-13955

prion1 nessus1 openvas1