Description
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).
References
- Exploit, Third Party Advisory
- Exploit, Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:mikrotik:routeros:6.41.4:*:*:*:*:*:*:*
EPSS
Percentile: 72%
0.00723
Low
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-295
Related vulnerabilities
CVSS3: 8.1
github
more than 3 years ago
An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).