Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2019-3978
HistoryOct 29, 2019 - 7:15 p.m.

CVE-2019-3978

2019-10-2919:15:20
CWE-306
[email protected]
web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

JSON

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker’s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning

Affected configurations

NVD
Node
mikrotikrouterosRange6.44.5ltr
OR
mikrotikrouterosRange6.45.6-

Related

nessus 3
cvelist 1
prion 1
cve 1
zdt 1
exploitpack 1
packetstorm 1
exploitdb 1
openvas 1
threatpost 1
thn 1
nessus
nessus
MikroTik RouterOS Missing Authentication for Critical Function (CVE-2019-3978)
2024-02-27 00:00:00
MikroTik RouterOS DNS Cache Poisoning (CVE-2019-3978)
2020-03-19 00:00:00
MikroTik RouterOS < 6.44.6 LTS or 6.45.x < 6.45.7 Multiple Vulnerabilities
2019-10-31 00:00:00
cvelist
cvelist
CVE-2019-3978
2019-10-28 21:32:57
prion
prion
Default configuration
2019-10-29 19:15:00
cve
cve
CVE-2019-3978
2019-10-29 19:15:20
zdt
zdt
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit
2019-10-31 00:00:00
exploitpack
exploitpack
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
2019-10-31 00:00:00
packetstorm
packetstorm
MikroTik RouterOS 6.45.6 DNS Cache Poisoning
2019-10-31 00:00:00
exploitdb
exploitdb
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
2019-10-31 00:00:00
openvas
openvas
MikroTik RouterOS < 6.44.6 (LTS), < 6.45.7 (Stable) Multiple Vulnerabilities
2019-10-30 00:00:00
threatpost
threatpost
How MikroTik Routers Became a Cybercriminal Target
2021-12-09 15:56:16
thn
thn
Over 300,000 MikroTik Devices Found Vulnerable to Remote Hacking Bugs
2021-12-09 11:15:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.7 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.7%

JSON
Related for NVD:CVE-2019-3978
nessus3cvelist1prion1cve1zdt1exploitpack1packetstorm1exploitdb1openvas1threatpost1thn1