| |
Vulnerability CVE-2019-3978
Published: 2019-10-29 Modified: 2019-11-05
| Description: |
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker's choice. The DNS responses are cached by the router, potentially resulting in cache poisoning |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Jacob Baines | 01.11.2019 |
Type:
CWE-306 (Missing Authentication for Critical Function)
CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
5/10 |
2.9/10 |
10/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Low |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://packetstormsecurity.com/files/155036/MikroTik-RouterOS-6.45.6-DNS-Cache-Poisoning.html
https://www.tenable.com/security/research/tra-2019-46
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
