The vulnerability scanner Nessus provides a plugin with the ID 117335 (MikroTik RouterOS Winbox Unauthenticated Arbitrary File Read/Write Vulnerability), which helps to determine the existence of the flaw in a target environment. It is possible to download the exploit at. Technical details are unknown but a public exploit is available.Ī public exploit has been developed by Basu Cert (Mosajjal) and been published before and not just after the advisory. The exploitation doesn't need any form of authentication. This vulnerability is known as CVE-2018-14847 since. As an impact it is known to affect confidentiality, integrity, and availability. When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct. The CWE definition for the vulnerability is CWE-287. The manipulation as part of a Request leads to a weak authentication vulnerability. Affected by this vulnerability is an unknown functionality of the component Winbox. A high score indicates an elevated risk to be targeted for this vulnerability.Ī vulnerability has been found in MikroTik RouterOS up to 6.42 ( Router Operating System) and classified as critical. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |