Sign-up

ID

VAR-202212-0564


CVE

CVE-2022-45315


TITLE

MikroTik RouterOS Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202212-2438

DESCRIPTION

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet

Trust: 0.99

sources: NVD: CVE-2022-45315 // VULHUB: VHN-442958

AFFECTED PRODUCTS

vendor:mikrotikmodel:routerosscope:ltversion:7.6

Trust: 1.0

sources: NVD: CVE-2022-45315

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-45315
value: CRITICAL

Trust: 1.0

CNNVD: CNNVD-202212-2438
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2022-45315
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: CNNVD: CNNVD-202212-2438 // NVD: CVE-2022-45315

PROBLEMTYPE DATA

problemtype:CWE-125

Trust: 1.1

sources: VULHUB: VHN-442958 // NVD: CVE-2022-45315

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202212-2438

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202212-2438

PATCH

title:MikroTik RouterOS Buffer error vulnerability fixurl:http://123.124.177.30/web/xxk/bdxqById.tag?id=216733

Trust: 0.6

sources: CNNVD: CNNVD-202212-2438

EXTERNAL IDS

db:NVDid:CVE-2022-45315

Trust: 1.7

db:CNNVDid:CNNVD-202212-2438

Trust: 0.6

db:VULHUBid:VHN-442958

Trust: 0.1

sources: VULHUB: VHN-442958 // CNNVD: CNNVD-202212-2438 // NVD: CVE-2022-45315

REFERENCES

url:https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/cve-2022-45315/readme.md

Trust: 1.7

url:https://github.com/cq674350529/pocs_slides/blob/master/advisory/mikrotik/vul_snmp/readme.md

Trust: 0.6

url:https://cxsecurity.com/cveshow/cve-2022-45315/

Trust: 0.6

sources: VULHUB: VHN-442958 // CNNVD: CNNVD-202212-2438 // NVD: CVE-2022-45315

SOURCES

db:VULHUBid:VHN-442958
db:CNNVDid:CNNVD-202212-2438
db:NVDid:CVE-2022-45315

LAST UPDATE DATE

2024-08-14T14:17:33.411000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-442958date:2023-02-03T00:00:00
db:CNNVDid:CNNVD-202212-2438date:2022-12-15T00:00:00
db:NVDid:CVE-2022-45315date:2023-02-03T19:49:04.590

SOURCES RELEASE DATE

db:VULHUBid:VHN-442958date:2022-12-05T00:00:00
db:CNNVDid:CNNVD-202212-2438date:2022-12-05T00:00:00
db:NVDid:CVE-2022-45315date:2022-12-05T16:15:10.050