CVE-2019-3943 (GCVE-0-2019-3943)
Vulnerability from cvelistv5 – Published: 2019-04-10 20:01 – Updated: 2024-08-04 19:26
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
Severity ?
No CVSS data available.
CWE
- CWE-23 - Path Traversal
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:26:27.694Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RouterOS",
"vendor": "MikroTik",
"versions": [
{
"status": "affected",
"version": "Stable 6.43.12 and below"
},
{
"status": "affected",
"version": "Long-term 6.42.12 and below"
},
{
"status": "affected",
"version": "Testing 6.44beta75 and below"
}
]
}
],
"datePublic": "2019-04-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23 Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-04-10T20:01:00.000Z",
"orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"shortName": "tenable"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_value": "Stable 6.43.12 and below"
},
{
"version_value": "Long-term 6.42.12 and below"
},
{
"version_value": "Testing 6.44beta75 and below"
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be",
"assignerShortName": "tenable",
"cveId": "CVE-2019-3943",
"datePublished": "2019-04-10T20:01:00.000Z",
"dateReserved": "2019-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-04T19:26:27.694Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
GHSA-5QG2-WQX5-PQ26
Vulnerability from github – Published: 2022-05-13 01:30 – Updated: 2022-05-13 01:30
Details
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2019-3943"
],
"database_specific": {
"cwe_ids": [
"CWE-22"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-10T21:29:00Z",
"severity": "HIGH"
},
"details": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).",
"id": "GHSA-5qg2-wqx5-pq26",
"modified": "2022-05-13T01:30:05Z",
"published": "2022-05-13T01:30:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3943"
},
{
"type": "WEB",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2019-3943
Vulnerability from fstec - Published: 10.04.2019
VLAI Severity ?
Title
Vulnerability in the RouterOS operating system of MikroTik routers, related to errors in restricting a pathname to a restricted directory, allowing an attacker to bypass the authentication procedure
Description
The vulnerability in the RouterOS operating system of MikroTik routers is related to errors in restricting a pathname to a restricted directory. Exploitation of the vulnerability may allow a remote attacker to read and write arbitrary files outside the /rw/disk directory via the HTTP or Winbox interfaces
Severity ?
Vendor
MikroTik
Software Name
RouterOS
Software Version
up to and including 6.43.12 (RouterOS), up to and including 6.42.12 (RouterOS), up to and including 6.44beta75 (RouterOS)
Possible Mitigations
Update the software to a later version
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-3943
https://www.tenable.com/security/research/tra-2019-16
https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html
CWE
CWE-22
{
"CVSS 2.0": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"CVSS 3.0": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "MikroTik",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 6.43.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (RouterOS), \u0434\u043e 6.42.12 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (RouterOS), \u0434\u043e 6.44beta75 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (RouterOS)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.04.2019",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "04.07.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-02371",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2019-3943",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "RouterOS",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b RouterOS \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 MikroTik, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043e\u0431\u043e\u0439\u0442\u0438 \u043f\u0440\u043e\u0446\u0435\u0434\u0443\u0440\u0443 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u0432\u0435\u0440\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c (\u00ab\u041e\u0431\u0445\u043e\u0434 \u043f\u0443\u0442\u0438\u00bb) (CWE-22)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b RouterOS \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u043e\u0432 MikroTik \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0438\u043c\u0435\u043d\u0438 \u043f\u0443\u0442\u0438 \u043a \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0443 \u0441 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u0435 \u0438 \u0437\u0430\u043f\u0438\u0441\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432 \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u043a\u0430\u0442\u0430\u043b\u043e\u0433\u0430 /rw/disk \u043f\u043e\u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e\u043c \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u043e\u0432 HTTP \u0438\u043b\u0438 Winbox",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://nvd.nist.gov/vuln/detail/CVE-2019-3943\nhttps://www.tenable.com/security/research/tra-2019-16\nhttps://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-22",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)"
}
FKIE_CVE-2019-3943
Vulnerability from fkie_nvd - Published: 2019-04-10 21:29 - Updated: 2024-11-21 04:42
Severity ?
Summary
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
References
| Source | URL | Tags |
|---|---|---|
| vulnreport@tenable.com | https://www.tenable.com/security/research/tra-2019-16 | Exploit, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2019-16 | Exploit, Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"matchCriteriaId": "ACADC6D1-CFEF-4F9D-966C-64D3BB0C2256",
"versionEndIncluding": "6.42.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"matchCriteriaId": "829F9974-1A56-4391-AFA9-4BB4B3096AFD",
"versionEndIncluding": "6.43.12",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*",
"matchCriteriaId": "C7DDCBF9-152C-421C-B326-CCFB62A42C17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*",
"matchCriteriaId": "AA89BEC4-62A8-4DA7-AB2A-2D18A643E3F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*",
"matchCriteriaId": "BCA389CA-532D-432C-A5C0-69C3CFA207C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*",
"matchCriteriaId": "5C950CF8-62A1-4A26-9133-108DAB661394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*",
"matchCriteriaId": "EB7ECE0C-B21E-4EFB-85D3-1A5A846D75FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*",
"matchCriteriaId": "3FC3F259-1C2A-4393-86E2-103495570F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*",
"matchCriteriaId": "C097CA40-9528-43DF-B3B7-59722AE5866A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*",
"matchCriteriaId": "A3793BBE-8E1A-4C07-9A52-E6DA4FE0DD3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*",
"matchCriteriaId": "CE5A816B-6663-4633-886A-AD7E3CBA5E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "B851706B-4A98-4FD3-99B0-CE239D419808",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*",
"matchCriteriaId": "40D21FB7-E7C5-46B4-B89A-81F84EEB62B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*",
"matchCriteriaId": "5AAB3F87-47C7-4726-8DF1-09261C7C0613",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*",
"matchCriteriaId": "B353D6FD-C9FD-4458-82AA-F9FE168B04D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*",
"matchCriteriaId": "B5A92D37-C91C-4229-9B6D-C8FDB5C1DED7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*",
"matchCriteriaId": "E8B77E44-F502-4164-95A7-60C53F4C465A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*",
"matchCriteriaId": "EAF10AE7-F48F-4FEC-A43A-7E5A45AF5B9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*",
"matchCriteriaId": "CB43A291-A77C-445D-9F68-1FA21C257561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*",
"matchCriteriaId": "EF252049-8D6D-47D7-9543-3B53D7D0DA6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*",
"matchCriteriaId": "48006BD1-EF86-4205-A1F7-C8A0D3D73EAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*",
"matchCriteriaId": "4F4D0CB8-F170-49E1-BB20-E4A3698FCE69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*",
"matchCriteriaId": "A6A9B305-ECE5-45C6-8417-BC2AAF9F4FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*",
"matchCriteriaId": "E76F79DB-F504-4495-B992-E895B0F0871E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*",
"matchCriteriaId": "D2B6691E-55DA-4D39-BD80-2BCF16952308",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*",
"matchCriteriaId": "A710D231-1F22-4F38-B228-30CDF0169149",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*",
"matchCriteriaId": "F83EF0A6-CA00-404C-AC6C-14BB10C329B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*",
"matchCriteriaId": "CDA42D78-29F2-48B4-9422-3D39BA408E43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*",
"matchCriteriaId": "6643B0FC-93D5-4F10-AC3C-323F598C5013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*",
"matchCriteriaId": "02F11653-1822-4D53-A6ED-745AC401AD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*",
"matchCriteriaId": "9BF25BBD-CF35-4EE1-8A7A-EEEBD662E0DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*",
"matchCriteriaId": "2D70CCC2-48CF-4DAA-ABDF-B81F3DAA7EBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*",
"matchCriteriaId": "7DF5E7C1-0426-4B1E-A44F-C91AF4F0CCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*",
"matchCriteriaId": "DB9A9D2C-697D-4ED3-9DBC-7A783C35DA91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*",
"matchCriteriaId": "C50C6C42-A148-4CBF-B843-D2DB89104387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*",
"matchCriteriaId": "525C6344-D579-4697-B092-94E75EAD7755",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "F81532B9-1525-417E-8BF2-E4A8055D2DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*",
"matchCriteriaId": "8F9181C2-FF73-4BDF-90EE-00F6B066B7EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*",
"matchCriteriaId": "A44766F0-BCBF-433B-BEB0-13EB334899EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*",
"matchCriteriaId": "2FA5B37B-9EB7-4A1C-9A20-26AFAEC2F221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*",
"matchCriteriaId": "D1D9CCDE-2F9A-4F6F-A457-B9671E1B5874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*",
"matchCriteriaId": "73E3C281-E554-412F-941A-B55BA70AC7F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*",
"matchCriteriaId": "7F4223D5-0C3D-4C7E-A7B3-D1074A2FE75C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*",
"matchCriteriaId": "0A088124-8494-4E57-87C0-E75EEA4098DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*",
"matchCriteriaId": "090A232C-1F78-4C92-854D-BA91398770D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*",
"matchCriteriaId": "E4A4F1E1-2510-487D-AC6A-68D4450CDA06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*",
"matchCriteriaId": "28D50A65-95AF-479C-9661-35378B3ED2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*",
"matchCriteriaId": "8F478173-186D-436D-A200-4F20A7303630",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*",
"matchCriteriaId": "8E009CEF-1FE9-47B4-BC46-382D972B47EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*",
"matchCriteriaId": "E8E34937-3118-4FA0-B5CD-BA14F64507A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*",
"matchCriteriaId": "9D9786EA-C661-4478-AFA0-00728CBB246D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*",
"matchCriteriaId": "13F7DF28-170C-44E9-B39C-AB4B85B42201",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*",
"matchCriteriaId": "9823F4EF-9B49-4E4F-8B89-DF02D61C5146",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*",
"matchCriteriaId": "06860FB4-20D8-43B7-B530-CAD0BA186EF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*",
"matchCriteriaId": "25882AF0-E9A2-4952-A1E3-755A1DBA2D86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*",
"matchCriteriaId": "FE03C935-AC83-4B23-ABA2-67F759F10EA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*",
"matchCriteriaId": "BD83DCDC-20D5-4580-99BF-79981E081B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*",
"matchCriteriaId": "AFE7F815-2B2C-4F22-B1C9-0F13257160C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*",
"matchCriteriaId": "F662E59F-7C43-4157-83AF-30CDC8CFFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*",
"matchCriteriaId": "85377655-60CC-43C9-96E3-21C136FF0ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*",
"matchCriteriaId": "8763E04A-F260-498D-8ABB-0655844B5ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*",
"matchCriteriaId": "2EB5142B-7FA6-4B74-A462-28C6E1039B76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*",
"matchCriteriaId": "C5B8D222-A633-490C-ADA4-DDF7727B4A5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*",
"matchCriteriaId": "8D2D7A0A-8A4A-412B-9146-BAB84270DCE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*",
"matchCriteriaId": "2FEE0259-3406-41DD-A043-87FD52CFD2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*",
"matchCriteriaId": "8A8F6139-9A63-4A8A-ACB1-344B36422A61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*",
"matchCriteriaId": "3FD287C7-0032-4CB0-96AF-24D63FE10D45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*",
"matchCriteriaId": "2C1433B6-773B-4922-B9FF-4D7255114C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*",
"matchCriteriaId": "C90C3B68-82AE-4833-BF41-98F5BFB03D78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*",
"matchCriteriaId": "ADE50771-AED1-410A-9BCC-6AE5EB46D278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*",
"matchCriteriaId": "B139016D-08F7-4085-ADD9-16396C9B3440",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*",
"matchCriteriaId": "A0236F88-103D-4CCD-8F6E-440048378E5E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*",
"matchCriteriaId": "BC6967CF-6B88-48F9-8D81-FE4930F400E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*",
"matchCriteriaId": "019DD6AA-08AD-4A9F-9817-21C776260B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*",
"matchCriteriaId": "B45EB891-09D4-436E-AC6A-A53CC4A6C6EE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
},
{
"lang": "es",
"value": "Las versiones de MikroTik RouterOS Stable versi\u00f3n 6.43.12 y versiones posteriores, Long-term versi\u00f3n 6.42.12 y versiones posteriores, y Testing versi\u00f3n 6.44beta75 y versiones anteriores son vulnerables a un salto de directorio remoto autenticado por medio de las interfaces HTTP o Winbox. Un ataque remoto autenticado puede usar esta vulnerabilidad para leer y escribir archivos fuera del directorio sandbox (/rw/disk)."
}
],
"id": "CVE-2019-3943",
"lastModified": "2024-11-21T04:42:54.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-04-10T21:29:01.823",
"references": [
{
"source": "vulnreport@tenable.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
],
"sourceIdentifier": "vulnreport@tenable.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-23"
}
],
"source": "vulnreport@tenable.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2019-3943
Vulnerability from gsd - Updated: 2023-12-13 01:24
Details
MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
Aliases
{
"GSD": {
"alias": "CVE-2019-3943",
"description": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).",
"id": "GSD-2019-3943"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-3943"
],
"details": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).",
"id": "GSD-2019-3943",
"modified": "2023-12-13T01:24:04.573311Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3943",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "RouterOS",
"version": {
"version_data": [
{
"version_value": "Stable 6.43.12 and below"
},
{
"version_value": "Long-term 6.42.12 and below"
},
{
"version_value": "Testing 6.44beta75 and below"
}
]
}
}
]
},
"vendor_name": "MikroTik"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23 Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-16",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.42.12",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.43.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"ID": "CVE-2019-3943"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2019-16",
"refsource": "MISC",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.tenable.com/security/research/tra-2019-16"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 7.8,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
},
"lastModifiedDate": "2019-12-17T19:19Z",
"publishedDate": "2019-04-10T21:29Z"
}
}
}
CNVD-2019-13856
Vulnerability from cnvd - Published: 2019-05-13
Title
MikroTik RouterOS directory traversal vulnerability
Description
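MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. It can be deployed on a PC so that the PC provides router functionality.
A directory traversal vulnerability exists in MikroTik RouterOS Stable 6.43.12 and earlier, Long-term 6.42.12 and earlier, and Testing 6.44beta75 and earlier. The vulnerability stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit this vulnerability to access locations outside the restricted directory.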
Severity
High
Patch Name
Patch for the MikroTik RouterOS directory traversal vulnerability
Patch Description
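MikroTik RouterOS is a Linux-based router operating system developed by the Latvian company MikroTik. It can be deployed on a PC so that the PC provides router functionality.
A directory traversal vulnerability exists in MikroTik RouterOS Stable 6.43.12 and earlier, Long-term 6.42.12 and earlier, and Testing 6.44beta75 and earlier. The vulnerability stems from the network system or product failing to properly filter special elements in resource or file paths. An attacker can exploit this vulnerability to access locations outside the restricted directory. The vendor has now published a security advisory and related patch information that fix this vulnerability.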
Formal description
The vendor has released a fix for the vulnerability; please follow the updates: https://mikrotik.com/download
Reference
https://nvd.nist.gov/vuln/detail/CVE-2019-3943
Impacted products
| Name | MicroTik RouterOS <=Stable 6.43.12, MicroTik RouterOS <=Long-term 6.42.12, MicroTik RouterOS <=Testing 6.44beta75 |
|---|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2019-3943"
}
},
"description": "MikroTik RouterOS\u662f\u62c9\u8131\u7ef4\u4e9aMikroTik\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5f00\u53d1\u7684\u8def\u7531\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u53ef\u90e8\u7f72\u5728PC\u4e2d\uff0c\u4f7f\u5176\u63d0\u4f9b\u8def\u7531\u5668\u529f\u80fd\u3002\n\nMikroTik RouterOS Stable 6.43.12\u53ca\u4e4b\u524d\u7248\u672c\u3001Long-term 6.42.12\u53ca\u4e4b\u524d\u7248\u672c\u548cTesting 6.44beta75\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u53d7\u9650\u76ee\u5f55\u4e4b\u5916\u7684\u4f4d\u7f6e\u3002",
"discovererName": "Jacob Baines",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://mikrotik.com/download",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2019-13856",
"openTime": "2019-05-13",
"patchDescription": "MikroTik RouterOS\u662f\u62c9\u8131\u7ef4\u4e9aMikroTik\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eLinux\u5f00\u53d1\u7684\u8def\u7531\u5668\u64cd\u4f5c\u7cfb\u7edf\u3002\u8be5\u7cfb\u7edf\u53ef\u90e8\u7f72\u5728PC\u4e2d\uff0c\u4f7f\u5176\u63d0\u4f9b\u8def\u7531\u5668\u529f\u80fd\u3002\r\n\r\nMikroTik RouterOS Stable 6.43.12\u53ca\u4e4b\u524d\u7248\u672c\u3001Long-term 6.42.12\u53ca\u4e4b\u524d\u7248\u672c\u548cTesting 6.44beta75\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u5730\u8fc7\u6ee4\u8d44\u6e90\u6216\u6587\u4ef6\u8def\u5f84\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8bbf\u95ee\u53d7\u9650\u76ee\u5f55\u4e4b\u5916\u7684\u4f4d\u7f6e\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "MikroTik RouterOS\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"MicroTik RouterOS \u003c=Stable 6.43.12",
"MicroTik RouterOS \u003c=Long-term 6.42.12",
"MicroTik RouterOS \u003c=Testing 6.44beta75"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-3943",
"serverity": "\u9ad8",
"submitTime": "2019-04-11",
"title": "MikroTik RouterOS\u76ee\u5f55\u904d\u5386\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.