ID
VAR-202208-2032
CVE
CVE-2022-34960
TITLE
MikroTik of routeros Link interpretation vulnerability in
Trust: 0.8
DESCRIPTION
The container package in MikroTik RouterOS 7.4beta4 allows an attacker to create mount points pointing to symbolic links, which resolve to locations on the host device. This allows the attacker to mount any arbitrary file to any location on the host. MikroTik of routeros Exists in a link interpretation vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Trust: 1.8
AFFECTED PRODUCTS
| vendor: | mikrotik | model: | routeros | scope: | eq | version: | 7.4 | Trust: 1.8 |
| vendor: | mikrotik | model: | routeros | scope: | - | version: | - | Trust: 0.8 |
| vendor: | mikrotik | model: | routeros | scope: | eq | version: | - | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-59 | Trust: 1.1 |
| problemtype: | Link interpretation problem (CWE-59) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
post link
Trust: 0.6
PATCH
| title: | MikroTik RouterOS Post-link vulnerability fixes | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=206248 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-34960 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2022-015775 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202208-3839 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-427953 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2022-34960 | Trust: 0.1 |
REFERENCES
| url: | https://nns.ee/blog/2022/08/05/routeros-container-rce.html | Trust: 2.6 |
| url: | https://nns.ee/blog/2022/06/21/routeros-container-rce.html | Trust: 1.8 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-34960 | Trust: 0.8 |
| url: | https://cxsecurity.com/cveshow/cve-2022-34960/ | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
SOURCES
| db: | VULHUB | id: | VHN-427953 |
| db: | VULMON | id: | CVE-2022-34960 |
| db: | JVNDB | id: | JVNDB-2022-015775 |
| db: | CNNVD | id: | CNNVD-202208-3839 |
| db: | NVD | id: | CVE-2022-34960 |
LAST UPDATE DATE
2024-08-14T15:16:31.336000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-427953 | date: | 2022-08-31T00:00:00 |
| db: | VULMON | id: | CVE-2022-34960 | date: | 2022-08-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015775 | date: | 2023-09-28T08:09:00 |
| db: | CNNVD | id: | CNNVD-202208-3839 | date: | 2022-09-01T00:00:00 |
| db: | NVD | id: | CVE-2022-34960 | date: | 2022-08-31T16:35:53.877 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-427953 | date: | 2022-08-25T00:00:00 |
| db: | VULMON | id: | CVE-2022-34960 | date: | 2022-08-25T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-015775 | date: | 2023-09-28T00:00:00 |
| db: | CNNVD | id: | CNNVD-202208-3839 | date: | 2022-08-25T00:00:00 |
| db: | NVD | id: | CVE-2022-34960 | date: | 2022-08-25T02:15:19.733 |