Details of VAR-202010-0242

ID

VAR-202010-0242

CVE

CVE-2019-16160

TITLE

MikroTik RouterOS Integer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-016058

DESCRIPTION

An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. MikroTik RouterOS Exists in an integer overflow vulnerability.Denial of service (DoS) It may be put into a state. MikroTik RouterOS is a Linux-based router operating system developed by Latvian MikroTik Company. The system can be deployed in a PC so that it provides router functionality

Trust: 1.71

sources: NVD: CVE-2019-16160 // JVNDB: JVNDB-2019-016058 // VULHUB: VHN-148279

AFFECTED PRODUCTS

vendor:	mikrotik	model:	routeros	scope:	lt	version:	6.45.5	Trust: 1.0
vendor:	mikrotik	model:	routeros	scope:	eq	version:	-	Trust: 0.8
vendor:	mikrotik	model:	routeros	scope:	lt	version:	6.45.5 less than	Trust: 0.8

sources: JVNDB: JVNDB-2019-016058 // NVD: CVE-2019-16160

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-16160
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-16160
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202010-216
value:	HIGH
Trust: 0.6
VULHUB:	VHN-148279
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-16160
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-148279
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-16160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2019-16160
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-148279 // JVNDB: JVNDB-2019-016058 // CNNVD: CNNVD-202010-216 // NVD: CVE-2019-16160

PROBLEMTYPE DATA

problemtype:	CWE-191	Trust: 1.0
problemtype:	Integer overflow or wraparound (CWE-190) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-190	Trust: 0.1

sources: VULHUB: VHN-148279 // JVNDB: JVNDB-2019-016058 // NVD: CVE-2019-16160

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202010-216

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202010-216

PATCH

title:

v6.45.5 [stable] is released! MikroTik

url:

https://forum.mikrotik.com/viewtopic.php?t=151603

Trust: 0.8

sources: JVNDB: JVNDB-2019-016058

EXTERNAL IDS

db:	NVD	id:	CVE-2019-16160	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-016058	Trust: 0.8
db:	CNNVD	id:	CNNVD-202010-216	Trust: 0.6
db:	VULHUB	id:	VHN-148279	Trust: 0.1

sources: VULHUB: VHN-148279 // JVNDB: JVNDB-2019-016058 // CNNVD: CNNVD-202010-216 // NVD: CVE-2019-16160

REFERENCES

url:	https://forum.mikrotik.com/viewtopic.php?t=151603	Trust: 1.7
url:	https://gist.github.com/thebabush/3c71fc5001f8865e3ad579e80680ce24	Trust: 1.7
url:	https://mikrotik.com	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2019-16160	Trust: 1.4

sources: VULHUB: VHN-148279 // JVNDB: JVNDB-2019-016058 // CNNVD: CNNVD-202010-216 // NVD: CVE-2019-16160

SOURCES

db:	VULHUB	id:	VHN-148279
db:	JVNDB	id:	JVNDB-2019-016058
db:	CNNVD	id:	CNNVD-202010-216
db:	NVD	id:	CVE-2019-16160

LAST UPDATE DATE

2024-11-23T22:29:28.299000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-148279	date:	2020-10-15T00:00:00
db:	JVNDB	id:	JVNDB-2019-016058	date:	2021-04-26T06:22:00
db:	CNNVD	id:	CNNVD-202010-216	date:	2020-10-21T00:00:00
db:	NVD	id:	CVE-2019-16160	date:	2024-11-21T04:30:10.230

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-148279	date:	2020-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2019-016058	date:	2021-04-26T00:00:00
db:	CNNVD	id:	CNNVD-202010-216	date:	2020-10-07T00:00:00
db:	NVD	id:	CVE-2019-16160	date:	2020-10-07T16:15:12.390