Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MIKROTIK_CVE-2019-13955.NASLHistoryFeb 27, 2024 - 12:00 a.m.
MikroTik RouterOS Uncontrolled Recursion (CVE-2019-13955)
2024-02-2700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
mikrotik
routeros
vulnerability
uncontrolled recursion
http server
crash
crafted requests
Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to stack exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server via recursive parsing of JSON. Malicious code cannot be injected.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502057);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/28");
script_cve_id("CVE-2019-13955");
script_name(english:"MikroTik RouterOS Uncontrolled Recursion (CVE-2019-13955)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable
to stack exhaustion. By sending a crafted HTTP request, an
authenticated remote attacker can crash the HTTP server via recursive
parsing of JSON. Malicious code cannot be injected.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
# http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?000600fe");
script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2019/Jul/20");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13955");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(674);
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/26");
script_set_attribute(attribute:"patch_publication_date", value:"2019/07/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mikrotik:routeros:6.44.5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mikrotik:routeros:6.45");
script_set_attribute(attribute:"generated_plugin", value:"former");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/MikroTik");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/MikroTik');
var asset = tenable_ot::assets::get(vendor:'MikroTik');
var vuln_cpes = {
"cpe:/o:mikrotik:routeros:6.44.5" :
{"versionEndExcluding" : "6.44.5", "family" : "RouterOS"},
"cpe:/o:mikrotik:routeros:6.45" :
{"versionEndIncluding" : "6.45", "versionStartIncluding" : "6.45", "family" : "RouterOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
Related
cve
cve
CVE-2019-13955
2019-07-26 13:15:00
prion
prion
Code injection
2019-07-26 13:15:00
cvelist
cvelist
CVE-2019-13955
2019-07-26 12:13:50
openvas
openvas
Related for TENABLE_OT_MIKROTIK_CVE-2019-13955.NASL