PT-2017-16976 · Mikrotik · Routeros+1

Ryan Milne · Published 2017-02-27 · Updated 2019-10-03 · CVE-2017-6297

CVSS v3.1: 5.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions
MikroTik RouterOS versions 6.37.4 through 6.83.3

Description
The issue concerns the L2TP Client in MikroTik RouterOS, which fails to enable IPsec encryption after a reboot. This allows man-in-the-middle attackers to intercept and view transmitted data without encryption, potentially gaining access to networks on the L2TP server by monitoring packets for transmitted data and obtaining the L2TP secret.

Recommendations
For MikroTik RouterOS versions 6.37.4 through 6.83.3, consider temporarily disabling the L2TP Client until a patch is available to ensure IPsec encryption is consistently enabled. Restrict access to sensitive networks and data to minimize the risk of exploitation.
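
One way to confirm from a WAN-side capture that the L2TP client is still wrapped in IPsec after a reboot. This is an added example, not part of the advisory or of any MikroTik tooling. It assumes raw IPv4 packets as input; the function names, addresses and sample packets are constructed for illustration.

```python
import socket
import struct

L2TP_PORT, IKE_PORT, NATT_PORT = 1701, 500, 4500
PROTO_UDP, PROTO_ESP = 17, 50

def classify_ipv4(pkt: bytes) -> str:
    """Label one raw IPv4 packet by the protection visible on the wire."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] == PROTO_ESP:
        return "ipsec-esp"
    fragment_offset = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if pkt[9] != PROTO_UDP or fragment_offset or ihl < 20 or len(pkt) < ihl + 8:
        return "other"
    ports = set(struct.unpack_from("!HH", pkt, ihl))
    if L2TP_PORT in ports:
        # L2TP protected by IPsec travels inside ESP, so a visible UDP/1701
        # header means the tunnel is running without encryption.
        return "cleartext-l2tp"
    if NATT_PORT in ports:
        # RFC 3948: a zero non-ESP marker is IKE, anything else is ESP-in-UDP.
        return "ike" if pkt[ihl + 8:ihl + 12] == b"\x00" * 4 else "ipsec-natt"
    return "ike" if IKE_PORT in ports else "other"

def cleartext_from(packets, client_ip: str):
    """Indexes of packets in which client_ip sends L2TP outside IPsec."""
    src = socket.inet_aton(client_ip)
    return [i for i, p in enumerate(packets)
            if p[12:16] == src and classify_ipv4(p) == "cleartext-l2tp"]

# --- Constructed sample traffic (documentation addresses, checksums left 0) ---
def _ipv4(src, dst, proto, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def _udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

CLIENT, SERVER = "192.0.2.10", "198.51.100.1"
_L2TP = _udp(1701, 1701, b"\xc8\x02\x00\x0c" + bytes(8))
_ESP = b"\x12\x34\x56\x78\x00\x00\x00\x01" + b"\xaa" * 16
SAMPLE_PROTECTED = [_ipv4(CLIENT, SERVER, PROTO_UDP, _udp(500, 500, bytes(28))),
                    _ipv4(CLIENT, SERVER, PROTO_ESP, _ESP),
                    _ipv4(SERVER, CLIENT, PROTO_ESP, _ESP)]
SAMPLE_AFTER_REBOOT = [_ipv4(CLIENT, SERVER, PROTO_UDP, _L2TP),
                       _ipv4(SERVER, CLIENT, PROTO_UDP, _L2TP),
                       _ipv4(CLIENT, SERVER, PROTO_UDP, _L2TP)]
```

Any non-empty result from `cleartext_from` for the router's WAN address means the tunnel came up without IPsec and the client should be disabled until encryption is restored.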

Weakness Enumeration
Missing Encryption of Sensitive Data

Related identifiers
CVE-2017-6297

Affected products
Mikrotik Routeros
Routeros