Details of VAR-201907-0318

ID

VAR-201907-0318

CVE

CVE-2019-13074

TITLE

MikroTik router Vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-006144

DESCRIPTION

A vulnerability in the FTP daemon on MikroTik routers through 6.44.3 could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management. MikroTik router Contains a resource exhaustion vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. MikroTikrouters is a router product from MikroTik, Latvia. There are security vulnerabilities in the FTP daemons of MikroTikrouters 6.44.3 and earlier

Trust: 2.25

sources: NVD: CVE-2019-13074 // JVNDB: JVNDB-2019-006144 // CNVD: CNVD-2019-21936 // VULHUB: VHN-144884

IOT TAXONOMY

category:

['ICS', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-21936

AFFECTED PRODUCTS

vendor:	mikrotik	model:	routeros	scope:	lte	version:	6.44.3	Trust: 1.0
vendor:	mikrotik	model:	routeros	scope:	-	version:	-	Trust: 0.8
vendor:	mikrotik	model:	routers	scope:	lte	version:	<=6.44.3	Trust: 0.6

sources: CNVD: CNVD-2019-21936 // JVNDB: JVNDB-2019-006144 // NVD: CVE-2019-13074

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-13074
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-13074
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-21936
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201907-215
value:	HIGH
Trust: 0.6
VULHUB:	VHN-144884
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-13074
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-21936
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-144884
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-13074
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-21936 // VULHUB: VHN-144884 // JVNDB: JVNDB-2019-006144 // CNNVD: CNNVD-201907-215 // NVD: CVE-2019-13074

PROBLEMTYPE DATA

problemtype:	CWE-770	Trust: 1.1
problemtype:	CWE-400	Trust: 0.9

sources: VULHUB: VHN-144884 // JVNDB: JVNDB-2019-006144 // NVD: CVE-2019-13074

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-215

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-006144

PATCH

title:	v6.44.5 [long-term] is released!	url:	https://forum.mikrotik.com/viewtopic.php?t=150045	Trust: 0.8
title:	Stable release tree	url:	https://mikrotik.com/download/changelogs/stable-release-tree	Trust: 0.8
title:	MikroTikrouters denies service patch vulnerabilities	url:	https://www.cnvd.org.cn/patchInfo/show/168039	Trust: 0.6
title:	MikroTik routers Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=94407	Trust: 0.6

sources: CNVD: CNVD-2019-21936 // JVNDB: JVNDB-2019-006144 // CNNVD: CNNVD-201907-215

EXTERNAL IDS

db:	NVD	id:	CVE-2019-13074	Trust: 3.1
db:	JVNDB	id:	JVNDB-2019-006144	Trust: 0.8
db:	CNNVD	id:	CNNVD-201907-215	Trust: 0.7
db:	CNVD	id:	CNVD-2019-21936	Trust: 0.6
db:	VULHUB	id:	VHN-144884	Trust: 0.1

sources: CNVD: CNVD-2019-21936 // VULHUB: VHN-144884 // JVNDB: JVNDB-2019-006144 // CNNVD: CNNVD-201907-215 // NVD: CVE-2019-13074

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2019-13074	Trust: 2.0
url:	https://forum.mikrotik.com/viewtopic.php?t=150045	Trust: 1.7
url:	https://mikrotik.com/download/changelogs/stable-release-tree	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13074	Trust: 0.8

sources: CNVD: CNVD-2019-21936 // VULHUB: VHN-144884 // JVNDB: JVNDB-2019-006144 // CNNVD: CNNVD-201907-215 // NVD: CVE-2019-13074

SOURCES

db:	CNVD	id:	CNVD-2019-21936
db:	VULHUB	id:	VHN-144884
db:	JVNDB	id:	JVNDB-2019-006144
db:	CNNVD	id:	CNNVD-201907-215
db:	NVD	id:	CVE-2019-13074

LAST UPDATE DATE

2024-11-23T22:33:49.907000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-21936	date:	2019-07-10T00:00:00
db:	VULHUB	id:	VHN-144884	date:	2020-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-006144	date:	2019-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201907-215	date:	2020-08-25T00:00:00
db:	NVD	id:	CVE-2019-13074	date:	2024-11-21T04:24:08.800

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-21936	date:	2019-07-10T00:00:00
db:	VULHUB	id:	VHN-144884	date:	2019-07-03T00:00:00
db:	JVNDB	id:	JVNDB-2019-006144	date:	2019-07-11T00:00:00
db:	CNNVD	id:	CNNVD-201907-215	date:	2019-07-03T00:00:00
db:	NVD	id:	CVE-2019-13074	date:	2019-07-03T21:15:10.513