How severe is CVE-2019-3977?

CVE-2019-3977 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-3977

Name: routeros
Author: mikrotik

7.5HIGH

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick

公開日: 10/29/2019更新日: 11/21/2024

説明

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.

AI分析AIによる分析

影響を受ける製品

mikrotikrouteros

参照

https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory