How severe is CVE-2019-3977?

CVE-2019-3977 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-3977

Name: routeros
Author: mikrotik

7.5HIGH

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick

Publicado: 10/29/2019Actualizado: 11/21/2024

Descripción

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.

Análisis IAImpulsado por IA

Productos Afectados

mikrotikrouteros

Referencias

https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory