Sign-up

ID

VAR-201703-1222


CVE

CVE-2017-7285


TITLE

MikroTik Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2017-002906

DESCRIPTION

A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections. MikroTik Contains a resource exhaustion vulnerability.Service operation interruption (DoS) An attack may be carried out. MikroTikRouterBoard is a router management panel from MikroTik, Republic of Latvia. There is a security vulnerability in the networkstack in MikroTikRouterBoard 6.38.5. A remote attacker can exploit this vulnerability with a large number of TCPRST packets to cause a denial of service (depleting all available CPUs). MikroTik RouterBoard is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a high CPU consumption, resulting in a denial-of-service condition. MikroTik RouterBoard 6.38.5 is vulnerable; other versions also affected

Trust: 2.52

sources: NVD: CVE-2017-7285 // JVNDB: JVNDB-2017-002906 // CNVD: CNVD-2017-04741 // BID: 97266 // VULHUB: VHN-115488

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-04741

AFFECTED PRODUCTS

vendor:mikrotikmodel:routerosscope:eqversion:6.38.5

Trust: 1.6

vendor:mikrotikmodel:routerboardscope:eqversion:6.38.5

Trust: 0.9

vendor:mikrotikmodel:routerosscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2017-04741 // BID: 97266 // JVNDB: JVNDB-2017-002906 // CNNVD: CNNVD-201703-1214 // NVD: CVE-2017-7285

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-7285
value: HIGH

Trust: 1.0

NVD: CVE-2017-7285
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-04741
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201703-1214
value: HIGH

Trust: 0.6

VULHUB: VHN-115488
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-7285
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2017-04741
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-115488
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-7285
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2017-04741 // VULHUB: VHN-115488 // JVNDB: JVNDB-2017-002906 // CNNVD: CNNVD-201703-1214 // NVD: CVE-2017-7285

PROBLEMTYPE DATA

problemtype:CWE-400

Trust: 1.9

sources: VULHUB: VHN-115488 // JVNDB: JVNDB-2017-002906 // NVD: CVE-2017-7285

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201703-1214

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201703-1214

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-002906

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-115488

PATCH
title:RouterOSurl:https://www.mikrotik.com/software
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-002906

EXTERNAL IDS
db:NVDid:CVE-2017-7285
Trust: 3.4
db:CXSECURITYid:WLB-2017030242
Trust: 2.5
db:EXPLOIT-DBid:41752
Trust: 2.3
db:BIDid:97266
Trust: 2.0
db:JVNDBid:JVNDB-2017-002906
Trust: 0.8
db:CNNVDid:CNNVD-201703-1214
Trust: 0.7
db:EXPLOITDBid:41752
Trust: 0.6
db:CNVDid:CNVD-2017-04741
Trust: 0.6
db:PACKETSTORMid:141917
Trust: 0.1
db:VULHUBid:VHN-115488
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-04741 // 
            
            
            
            VULHUB: VHN-115488 // 
            
            
            
            BID: 97266 // 
            
            
            
            JVNDB: JVNDB-2017-002906 // 
            
            
            
            CNNVD: CNNVD-201703-1214 // 
            
            
            
            NVD: CVE-2017-7285

REFERENCES
url:https://cxsecurity.com/issue/wlb-2017030242
Trust: 2.5
url:https://www.exploit-db.com/exploits/41752/
Trust: 2.3
url:http://www.securityfocus.com/bid/97266
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-7285
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-7285
Trust: 0.8
url:http://www.mikrotik.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-04741 // 
            
            
            
            VULHUB: VHN-115488 // 
            
            
            
            BID: 97266 // 
            
            
            
            JVNDB: JVNDB-2017-002906 // 
            
            
            
            CNNVD: CNNVD-201703-1214 // 
            
            
            
            NVD: CVE-2017-7285

CREDITS
Hosein Askari (FarazPajohan).
Trust: 0.3
sources:
            
            
            BID: 97266

SOURCES
db:CNVDid:CNVD-2017-04741
db:VULHUBid:VHN-115488
db:BIDid:97266
db:JVNDBid:JVNDB-2017-002906
db:CNNVDid:CNNVD-201703-1214
db:NVDid:CVE-2017-7285

LAST UPDATE DATE
2024-11-23T22:18:03.444000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-04741date:2017-04-20T00:00:00
db:VULHUBid:VHN-115488date:2017-04-10T00:00:00
db:BIDid:97266date:2017-04-04T00:02:00
db:JVNDBid:JVNDB-2017-002906date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201703-1214date:2017-03-30T00:00:00
db:NVDid:CVE-2017-7285date:2024-11-21T03:31:33.073

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-04741date:2017-04-20T00:00:00
db:VULHUBid:VHN-115488date:2017-03-29T00:00:00
db:BIDid:97266date:2017-03-29T00:00:00
db:JVNDBid:JVNDB-2017-002906date:2017-05-08T00:00:00
db:CNNVDid:CNNVD-201703-1214date:2017-03-28T00:00:00
db:NVDid:CVE-2017-7285date:2017-03-29T14:59:00.483