Authentication flaw

2019-08-2621:15:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

50.1%

JSON

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

CPENameOperatorVersion
routerosle6.44.5
routerosge6.45
routerosle6.45.3

Name	Operator	Version
routeros	le	6.44.5
routeros	ge	6.45
routeros	le	6.45.3

References

fortiguard.com/zeroday/FG-VD-19-108

forum.mikrotik.com/viewtopic.php?t=151603

github.com/tenable/routeros/tree/master/poc/cve_2019_15055

medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90

mikrotik.com/download/changelogs/testing-release-tree