CVE-2019-3978

🗓️ 28 Oct 2019 21:32:57Reported by tenableType

RouterOS versions 6.45.6 and below allow remote unauthenticated attackers to trigger DNS queries via port 8291, potentially resulting in cache poisoning

Reporter	Title	Published	Views	Family All 16
0day.today	MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit	31 Oct 201900:00	–	zdt
Circl	CVE-2019-3978	29 Oct 201918:57	–	circl
Cvelist	CVE-2019-3978	28 Oct 201921:32	–	cvelist
Exploit DB	MikroTik RouterOS 6.45.6 - DNS Cache Poisoning	31 Oct 201900:00	–	exploitdb
exploitpack	MikroTik RouterOS 6.45.6 - DNS Cache Poisoning	31 Oct 201900:00	–	exploitpack
Tenable Nessus	MikroTik RouterOS < 6.44.6 LTS or 6.45.x < 6.45.7 Multiple Vulnerabilities	31 Oct 201900:00	–	nessus
Tenable Nessus	MikroTik RouterOS DNS Cache Poisoning (CVE-2019-3978)	19 Mar 202000:00	–	nessus
Tenable Nessus	MikroTik RouterOS Missing Authentication for Critical Function (CVE-2019-3978)	27 Feb 202400:00	–	nessus
NVD	CVE-2019-3978	29 Oct 201919:15	–	nvd
OpenVAS	MikroTik RouterOS < 6.44.6 (LTS), < 6.45.7 (Stable) Multiple Vulnerabilities	30 Oct 201900:00	–	openvas

NVD

Node

mikrotik routerosRange≤6.44.5ltr

mikrotik routerosRange≤6.45.6-

[
  {
    "product": "MikroTik RouterOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
      }
    ]
  }
]

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html
tenable	www.tenable.com/security/research/tra-2019-46

21 Nov 2024 04:42Current

7.6High risk

Vulners AI Score7.6

CVSS 25

CVSS 3.17.5

EPSS0.11844

CWE-306