Description
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
References
- https://nvd.nist.gov/vuln/detail/CVE-2019-15055
- https://fortiguard.com/zeroday/FG-VD-19-108
- https://forum.mikrotik.com/viewtopic.php?t=151603
- https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055
- https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90
- https://mikrotik.com/download/changelogs/testing-release-tree
Related vulnerabilities
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
A vulnerability in the RouterOS operating system of MikroTik routers, caused by insufficient input validation, that allows an attacker to delete arbitrary files, gain access to the target system with administrator privileges, and change the administrator password.