ID

VAR-201907-0593


CVE

CVE-2019-13954


TITLE

Mikrotik RouterOS vulnerable to resource exhaustion

Trust: 0.8

sources: JVNDB: JVNDB-2019-007387

DESCRIPTION

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.

Mikrotik RouterOS contains a resource exhaustion vulnerability. The service may be put into a denial-of-service (DoS) state.

MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality. A security vulnerability exists in Mikrotik RouterOS versions prior to 6.44.5.

Advisory: two vulnerabilities found in MikroTik's RouterOS

Details
=======
Product: MikroTik's RouterOS
Affected Versions: before 6.44.5 (Long-term release tree), before 6.45.1 (Stable release tree)
Fixed Versions: 6.44.5 (Long-term release tree), 6.45.1 (Stable release tree)
Vendor URL: https://mikrotik.com/download/changelogs/long-term-release-tree
Vendor Status: fixed version released
CVE: CVE-2019-13954, CVE-2019-13955
Credit: Qian Chen(@cq674350529) of the Qihoo 360 Nirvan Team

Product Description
==================
RouterOS is the operating system used on MikroTik's devices, such as switches, routers and access points.

1. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. This is because of the incomplete fix for CVE-2018-1157. Based on the poc for cve_2018_1157 provided by @Jacob Baines (really appreciate!), crafting a filename ending with many '\x00' can bypass the original fix to trigger the vulnerability.

2. CVE-2019-13955: stack exhaustion via recurring parsing of JSON
This vulnerability is similar to CVE-2018-1158. An authenticated user communicating with the www binary can trigger a stack exhaustion vulnerability via recursive parsing of JSON containing message type M. Based on the poc for cve_2018_1158 provided by @Jacob Baines (really appreciate!), crafting a JSON message with type M can trigger the vulnerability. A simple Python script to generate the crafted message is as follows.

References
==========
[1] https://mikrotik.com/download/changelogs/long-term-release-tree
[2] https://github.com/tenable/routeros

Trust: 1.8

sources: NVD: CVE-2019-13954 // JVNDB: JVNDB-2019-007387 // VULHUB: VHN-145852 // PACKETSTORM: 153733

AFFECTED PRODUCTS

vendor: mikrotik, model: routeros, scope: eq, version: 6.45

Trust: 1.0

vendor: mikrotik, model: routeros, scope: lt, version: 6.44.5

Trust: 1.0

vendor: mikrotik, model: routeros, scope: lt, version: 6.44.5 (long-term release tree)

Trust: 0.8

sources: JVNDB: JVNDB-2019-007387 // NVD: CVE-2019-13954

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-13954
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-13954
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201907-1353
value: MEDIUM

Trust: 0.6

VULHUB: VHN-145852
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-13954
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-145852
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-13954
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-145852 // JVNDB: JVNDB-2019-007387 // CNNVD: CNNVD-201907-1353 // NVD: CVE-2019-13954

PROBLEMTYPE DATA

problemtype: CWE-770

Trust: 1.1

problemtype: CWE-400

Trust: 0.9

sources: VULHUB: VHN-145852 // JVNDB: JVNDB-2019-007387 // NVD: CVE-2019-13954

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201907-1353

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201907-1353

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-007387

PATCH

title: RouterOS, url: https://mikrotik.com/software

Trust: 0.8

title: MikroTik RouterOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=95503

Trust: 0.6

sources: JVNDB: JVNDB-2019-007387 // CNNVD: CNNVD-201907-1353

EXTERNAL IDS

db: PACKETSTORM, id: 153733

Trust: 2.6

db: NVD, id: CVE-2019-13954

Trust: 2.6

db: JVNDB, id: JVNDB-2019-007387

Trust: 0.8

db: CNNVD, id: CNNVD-201907-1353

Trust: 0.7

db: VULHUB, id: VHN-145852

Trust: 0.1

sources: VULHUB: VHN-145852 // JVNDB: JVNDB-2019-007387 // PACKETSTORM: 153733 // CNNVD: CNNVD-201907-1353 // NVD: CVE-2019-13954

REFERENCES

url: http://packetstormsecurity.com/files/153733/mikrotik-routeros-resource-stack-exhaustion.html

Trust: 3.1

url: https://seclists.org/fulldisclosure/2019/jul/20

Trust: 1.7

url: https://nvd.nist.gov/vuln/detail/cve-2019-13954

Trust: 1.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13954

Trust: 0.8

url: https://github.com/tenable/routeros

Trust: 0.1

url: https://nvd.nist.gov/vuln/detail/cve-2019-13955

Trust: 0.1

url: https://mikrotik.com/download/changelogs/long-term-release-tree

Trust: 0.1

sources: VULHUB: VHN-145852 // JVNDB: JVNDB-2019-007387 // PACKETSTORM: 153733 // CNNVD: CNNVD-201907-1353 // NVD: CVE-2019-13954

CREDITS

Qian Chen

Trust: 0.7

sources: PACKETSTORM: 153733 // CNNVD: CNNVD-201907-1353

SOURCES

db: VULHUB, id: VHN-145852
db: JVNDB, id: JVNDB-2019-007387
db: PACKETSTORM, id: 153733
db: CNNVD, id: CNNVD-201907-1353
db: NVD, id: CVE-2019-13954

LAST UPDATE DATE

2024-11-23T22:30:00.045000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-145852, date: 2020-08-24T00:00:00
db: JVNDB, id: JVNDB-2019-007387, date: 2019-08-08T00:00:00
db: CNNVD, id: CNNVD-201907-1353, date: 2020-08-25T00:00:00
db: NVD, id: CVE-2019-13954, date: 2024-11-21T04:25:46.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-145852, date: 2019-07-26T00:00:00
db: JVNDB, id: JVNDB-2019-007387, date: 2019-08-08T00:00:00
db: PACKETSTORM, id: 153733, date: 2019-07-24T02:32:22
db: CNNVD, id: CNNVD-201907-1353, date: 2019-07-24T00:00:00
db: NVD, id: CVE-2019-13954, date: 2019-07-26T13:15:12.830