How severe is CVE-2019-3977?

CVE-2019-3977 has a CVSS v3 score of 7.5 (HIGH).

CVE-2019-3977

Name: routeros
Author: mikrotik

7.5HIGH

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick

Опубликовано: 10/29/2019Обновлено: 11/21/2024

Описание

RouterOS 6.45.6 Stable, RouterOS 6.44.5 Long-term, and below insufficiently validate where upgrade packages are download from when using the autoupgrade feature. Therefore, a remote attacker can trick the router into "upgrading" to an older version of RouterOS and possibly reseting all the system's usernames and passwords.

ИИ-АнализНа базе ИИ

Затронутые продукты

mikrotikrouteros

Ссылки

https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory
https://www.tenable.com/security/research/tra-2019-46
Third Party Advisory