PT-2018-1701 · Mikrotik · Routeros+1
Publicado
2018-08-23
·
Atualizado
2020-08-24
·
CVE-2018-1156
CVSS v2.0
9.0
Alta
| Vetor | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Mikrotik RouterOS versions prior to 6.42.7
Mikrotik RouterOS versions prior to 6.40.9
Description
The issue is caused by a stack buffer overflow in the license upgrade interface, specifically in the
licupgr component, which could allow a remote authenticated attacker to execute arbitrary code on the system. This can be achieved through a specially crafted request.Recommendations
For versions prior to 6.42.7, update to version 6.42.7 or later.
For versions prior to 6.40.9, update to version 6.40.9 or later.
As a temporary workaround, consider restricting access to the
licupgr component until a patch is available.Exploit
Correção
Stack Overflow
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Mikrotik Routeros
Routeros