PT-2017-17636 · Mikrotik · Mikrotik+1
Farazpajohan
·
Published
2017-03-29
·
Updated
2017-04-10
·
CVE-2017-7285
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
MikroTik version 6.38.5
Description
A vulnerability in the network stack could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
Recommendations
For MikroTik version 6.38.5, consider implementing rate limiting on TCP RST packets to mitigate the risk of CPU exhaustion until a patch is available.
Exploit
Fix
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mikrotik
Mikrotik Routeros