Lucene search

K
cvelistTenableCVELIST:CVE-2019-3979
HistoryOct 28, 2019 - 9:33 p.m.

CVE-2019-3979

2019-10-2821:33:25
tenable
www.cve.org
2

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

54.9%

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router’s DNS cache via malicious responses with additional and untrue records.

CNA Affected

[
  {
    "product": "MikroTik RouterOS",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "RouterOS 6.45.6 Stable and below. RouterOS 6.44.5 Long-term and below."
      }
    ]
  }
]

AI Score

7.6

Confidence

High

EPSS

0.002

Percentile

54.9%

Related for CVELIST:CVE-2019-3979