How severe is CVE-2019-3977?

CVE-2019-3977 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-3977

Name: routeros
Author: mikrotik

7.5HIGH

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick

Publicado: 10/29/2019Atualizado: 11/21/2024

Descrição

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.

Análise IADesenvolvido por IA

Produtos Afetados

mikrotikrouteros

Referências

https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory