Vulnerability CVE-2017-7285


Published: 2017-03-29

Description:
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
MikroTik RouterBoard V-6.38.5 Denial Of Service | CPU Consumption
Hosein Askari (F...
28.03.2017

Type:

CWE-400

(Uncontrolled Resource Consumption ('Resource Exhaustion'))

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:N/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.8/10
6.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
None
Complete
Affected software
Mikrotik -> Routeros 

 References:
http://www.securityfocus.com/bid/97266
https://cxsecurity.com/issue/WLB-2017030242
https://www.exploit-db.com/exploits/41752/

Copyright 2022, cxsecurity.com

 

Back to Top