CVE-2019-15055

Sažetak

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

Reference

https://fortiguard.com/zeroday/FG-VD-19-108
https://forum.mikrotik.com/viewtopic.php?t=151603
https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055
https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90
https://mikrotik.com/download/changelogs/testing-release-tree

CVSS

Base:	5.5
Impact:	4.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:N/I:P/A:P

Zadnje važnije ažuriranje

06-10-2020 - 12:15

Objavljeno

26-08-2019 - 21:15