MikroTik RouterOS < 6.40.9 / 6.42.7 / 6.43 multiple vulnerabilities.

high Nessus Plugin ID 112114

Synopsis

The remote networking device is affected by multiple vulnerabilities.

Description

According to its self-reported version, the remote networking device is running a version of MikroTik prior to 6.40.9, 6.41.x < 6.42.7, or 6.43. It, therefore, vulnerable to multiple vulnerabilities.

Solution

Upgrade to MikroTik RouterOS 6.40.9 / 6.42.7 / 6.43 or later.

See Also

http://www.nessus.org/u?237622b9

http://www.nessus.org/u?f9e2af40

http://www.nessus.org/u?c37b423c

Plugin Details

Severity: High

ID: 112114

File Name: mikrotik_aug_2018.nasl

Version: 1.4

Type: remote

Family: Misc.

Published: 8/24/2018

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2018-1156

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:mikrotik:routeros

Required KB Items: MikroTik/RouterOS/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 8/20/2018

Vulnerability Publication Date: 8/22/2018

Reference Information

CVE: CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159