Report

Scan Report
July 23, 2019
Summary
This document reports on the results of an automatic security scan. All dates are dis-
played using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was 180.92.228.38. The scan started at Tue Jul 23 12:27:51 2019 UTC and ended at
Tue Jul 23 13:32:56 2019 UTC. The report rst summarises the results found. Then, for
each host, the report describes every issue found. Please consider the advice given in each
description, in order to rectify the issue.
Contents
1 Result Overview 2
2 Results per Host 2
2.1 180.92.228.38 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.1 High general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
2.1.2 Medium 2461/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.1.3 Medium general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.1.4 Low general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
1
2 RESULTS PER HOST 2
1 Result Overview
Host High Medium Low Log False Positive

180.92.228.38 6 5 1 0 0
Total: 1 6 5 1 0 0
Vendor security updates are not trusted.

Overrides are on. When a result has an override, this report uses the threat of the override.
Information on overrides is included in the report.
Notes are included in the report.
This report might not show details of all issues that were found.
It only lists hosts that produced issues.
Issues with the threat level Log are not shown.
Issues with the threat level Debug are not shown.
Issues with the threat level False Positive are not shown.
Only results with a minimum QoD of 70 are shown.
This report contains all 12 results selected by the ltering described above. Before ltering
there were 27 results.
2 Results per Host

2.1 180.92.228.38
Host scan start Tue Jul 23 12:28:01 2019 UTC

Host scan end Tue Jul 23 13:32:56 2019 UTC
Service (Port) Threat Level

general/tcp High
2461/tcp Medium
general/tcp Medium
general/tcp Low
2.1.1 High general/tcp
High (CVSS: 10.0)

NVT: MikroTik RouterOS RCE Vulnerability
Product detection result

cpe:/o:mikrotik:routeros:6.34.3
Detected by MikroTik RouterOS Detection Consolidation (OID: 1.3.6.1.4.1.25623.1.
,→0.810608)
. . . continues on next page . . .

. . . continued from previous page . . .
Summary
MikroTik RouterOS is prone to a remote code execution vulnerability in the SMB service.
Vulnerability Detection Result

Installed version: 6.34.3
Fixed version: 6.41.3
Solution
Solution type: VendorFix
Update to version 6.41.3 or later.
Aected Software/OS
MikroTik RouterOS prior to version 6.41.3.
Vulnerability Insight
The buer overow was found in the MikroTik RouterOS SMB service when processing NetBIOS
session request messages. Remote attackers with access to the service can exploit this vulnera-
bility and gain code execution on the system. The overow occurs before authentication takes
place, so it is possible for an unauthenticated remote attacker to exploit it.
Vulnerability Detection Method

Checks if a vulnerable version is present on the target host.
Details: MikroTik RouterOS RCE Vulnerability
OID:1.3.6.1.4.1.25623.1.0.140895
Version used: $Revision: 12116 $
Product Detection Result

Product: cpe:/o:mikrotik:routeros:6.34.3
Method: MikroTik RouterOS Detection Consolidation
OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2018-7445
Other:
URL:https://www.exploit-db.com/exploits/44290/
URL:https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-over
,→flow
High (CVSS: 9.0)

NVT: MikroTik RouterOS Multiple Vulnerabilities

,→0.810608)
Summary
MikroTik RouterOS is prone to multiple vulnerabilitites.

Solution
Update to version 6.43, 6.42.7, 6.40.9 or later.
Aected Software/OS
MikroTik RouterOS prior to version 6.42.7 and 6.40.9.
MikroTik RouterOS is prone to multiple vulnerabilitites:
- Stack buer overow through the license upgrade interface (CVE-2018-1156)
- Memory exhaustion vulnerability (CVE-2018-1157)
- Stack exhaustion vulnerability (CVE-2018-1158)
- Memory corruption vulnerability (CVE-2018-1159)

Details: MikroTik RouterOS Multiple Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.141395

OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159
Other:
URL:https://blog.mikrotik.com/security/security-issues-discovered-by-tenable.h
,→tml
URL:https://mikrotik.com/download/changelogs/bugfix-release-tree
URL:https://mikrotik.com/download/changelogs/release-candidate-release-tree
High (CVSS: 7.8)

NVT: MikroTik RouterOS < 6.44.5 (LTS), < 6.45.1 (Stable) Multiple DoS Vulnerabilities


,→0.810608)
Summary
MikroTik RouterOS is prone to multiple denial of service vulnerabilities.

Solution
Update to version 6.44.5 (LTS), 6.45.1 (Stable) or later.
Aected Software/OS
MikroTik RouterOS prior to version 6.44.5 (LTS) and 6.45.1 (Stable).

Details: MikroTik RouterOS < 6.44.5 (LTS), < 6.45.1 (Stable) Multiple DoS Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.142599
Version used: 2019-07-15T08:31:04+0000

OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2018-1157, CVE-2018-1158, CVE-2019-11477, CVE-2019-11478, CVE-2019-1147
,→9
Other:
URL:https://mikrotik.com/download/changelogs/stable-release-tree
URL:https://mikrotik.com/download/changelogs/long-term-release-tree
High (CVSS: 7.8)

NVT: MikroTik RouterOS 6.41.4 Denial of Service Vulnerability

,→0.810608)
Summary
MikroTik is prone to a Denial of Service vulnerability.

Fixed version: 6.42
Impact
Successful exploitation would allow an attacker to eectively block access to the target host for
an arbitrary timespan.
Solution
Update to version 6.42 or above.
Aected Software/OS
MikroTik RouterOS through version 6.41.4.
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to
exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21
that begins with many '\0' characters, preventing the aected router from accepting new FTP
connections. The router will reboot after 10 minutes, logging a 'router was rebooted without
proper shutdown' message.

The script checks if the target is a vulnerable device running a vulnerable rmware version.
Details: MikroTik RouterOS 6.41.4 Denial of Service Vulnerability
OID:1.3.6.1.4.1.25623.1.0.113161

OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2018-10070
Other:
URL:https://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Ser
,→vice.html
URL:https://mikrotik.com/download
High (CVSS: 7.8)

NVT: MikroTik Router Multiple Vulnerabilities

,→0.810608)
Summary
Multiple DoS vulnerabilities in MicroTik Router OS v6.40.5 and before.

Fixed version: None
Impact
Successful exploitation would allow an attacker to make the device unavailable.
Solution
Solution type: WillNotFix
No known solution was made available for at least one year since the disclosure of this vulnera-
bility. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
Aected Software/OS
MikroTik Router OS v6.40.5 and before
The vulnerabilities allow for two ways of causing an Denial of Service:
- An attacker can ood the device with ICMP packets
- An attacker can connect to TCP-port 53 an send data starting with a lot of Null-Byte characters,
probably related to DNS.

The script checks if a vulnerable version is present on the target host.
Details: MikroTik Router Multiple Vulnerabilities
OID:1.3.6.1.4.1.25623.1.0.113068

OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2017-17538, CVE-2017-17537

Other:
URL:https://mikrotik.com/download/changelogs/current-release-tree
High (CVSS: 7.5)

NVT: MikroTik RouterOS Directory Traversal Vulnerability (CVE-2019-3943)

,→0.810608)
Summary
MikroTik RouterOS is vulnerable to an authenticated directory traversal vulnerability.

Impact
An authenticated attacker may have read access to the entire lesystem and write access to all
locations that aren't marked as read-only.
Solution
Update to version 6.43.13 (Long-term release), 6.44 (Stable release) or later.
Aected Software/OS
MikroTik RouterOS version 6.42.12 and prior (Long-term release) and 6.43.12 and prior (Stable
release).
The directory traversal allows an authenticated attacker to access les outside of the sandbox
path with mkdir, read and write access.

Details: MikroTik RouterOS Directory Traversal Vulnerability (CVE-2019-3943)
OID:1.3.6.1.4.1.25623.1.0.142239
Version used: 2019-04-11T13:56:06+0000

OID: 1.3.6.1.4.1.25623.1.0.810608)

References
CVE: CVE-2019-3943
Other:
URL:https://www.tenable.com/security/research/tra-2019-16
[ return to 180.92.228.38 ]
2.1.2 Medium 2461/tcp
Medium (CVSS: 5.0)

NVT: Microsoft IIS UNC Mapped Virtual Host Vulnerability
Summary
Your IIS webserver allows the retrieval of ASP/HTR source code.

Vulnerable url: http://180.92.228.38:2461/index.asp%5C
Impact
An attacker can use this vulnerability to see how your pages interact and nd holes in them to
exploit.
Solution

Details: Microsoft IIS UNC Mapped Virtual Host Vulnerability
OID:1.3.6.1.4.1.25623.1.0.11443
References
CVE: CVE-2000-0246
BID:1081
[ return to 180.92.228.38 ]
2.1.3 Medium general/tcp

Medium (CVSS: 6.8)

NVT: MikroTik RouterOS 6.41.4 Authentication Bypass Vulnerability

,→0.810608)
Summary
An issue was discovered in MikroTik RouterOS. Missing OpenVPN server certicate verication
allows a remote unauthenticated attacker capable of intercepting client trac to act as a malicious
OpenVPN server.

Fixed version: None
Impact
Successful exploitation may allow an attacker to gain access to the target host's internal network.
Solution
Aected Software/OS
MikroTik RouterOS through version 6.41.4

Details: MikroTik RouterOS 6.41.4 Authentication Bypass Vulnerability
OID:1.3.6.1.4.1.25623.1.0.113156
Version used: 2019-04-18T07:49:40+0000

OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2018-10066
Other:
URL:https://janis-streib.de/2018/04/11/mikrotik-openvpn-security/
URL:https://mikrotik.com/download
Medium (CVSS: 6.4)

NVT: Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability

,→0.810608)
Summary
This host is running Mikrotik RouterOS and is prone to information disclosure vulnerability.

Installation
path / port: /
Impact
Successful exploitation will allow a remote attacker to connect to the WinBox port and download
a user database le. The remote user can then log in and take control of the router.
Solution
Upgrade to MikroTik Router OS version 6.42.1 or 6.43rc4 or later.
Aected Software/OS
MikroTik Router OS versions 6.29 through 6.42, 6.43rcx prior to 6.43rc4
The aw exists due to an error in the winbox service of routeros which allows remote users to
download a user database le without successful authentication.

Details: Mikrotik RouterOS 'Winbox Service' Information Disclosure Vulnerability
OID:1.3.6.1.4.1.25623.1.0.813155
Version used: 2019-05-17T10:45:27+0000

OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2018-14847
Other:

URL:https://forum.mikrotik.com/viewtopic.php?t=133533
Medium (CVSS: 5.8)

NVT: MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK

,→0.810608)
Summary
WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses aka Key Rein-
stallation Attacks (KRACK).

Impact
Exploiting these issues may allow an unauthorized user to intercept and manipulate data or
disclose sensitive information. This may aid in further attacks.
Solution
Upgrade to one of the following RouterOS versions:
- - v6.39.3 or later
- - v6.40.4 or later
- - v6.41rc or later
Aected Software/OS
Aected modes:
For AP devices: WDS WiFi/nstreme
For CPE devices (MikroTik Station mode): WiFi, nstreme
Aected versions prior to v6.39.3 and v6.40.x prior to v6.40.4.

Details: MikroTik RouterOS WPA2 Key Reinstallation Vulnerabilities - KRACK
OID:1.3.6.1.4.1.25623.1.0.108254

OID: 1.3.6.1.4.1.25623.1.0.810608)

References
CVE: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13
,→081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-
,→13088
BID:101274
Other:
URL:https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
URL:http://www.securityfocus.com/bid/101274
URL:https://www.krackattacks.com/
URL:https://mikrotik.com/download/changelogs/
Medium (CVSS: 5.0)

NVT: MikroTik RouterOS Intermediary Vulnerability

,→0.810608)
Summary
MikroTik RouterOS is vulnerable to an intermediary vulnerability. The software will execute
user dened network requests to both WAN and LAN clients. A remote unauthenticated attacker
can use this vulnerability to bypass the router's rewall or for general network scanning activities.

Solution
Update to version 6.42.1, 6.43.12 or later.
Aected Software/OS
MikroTik RouterOS prior to version 6.42.12 and 6.43.12.

Details: MikroTik RouterOS Intermediary Vulnerability
OID:1.3.6.1.4.1.25623.1.0.142020


OID: 1.3.6.1.4.1.25623.1.0.810608)
References
CVE: CVE-2019-3924
Other:
URL:https://www.tenable.com/security/research/tra-2019-07
[ return to 180.92.228.38 ]
2.1.4 Low general/tcp
Low (CVSS: 2.6)

NVT: TCP timestamps
Summary
The remote host implements TCP timestamps and therefore allows to compute the uptime.

It was detected that the host implements RFC1323.
The following timestamps were retrieved with a delay of 1 seconds in-between:
Packet 1: 3651762
Packet 2: 3651873
Impact
A side eect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
Solution type: Mitigation
To disable TCP timestamps on linux add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows execute 'netsh int tcp set global timestamps=disabled'
Starting with Windows Server 2008 and Vista, the timestamp can not be completely disabled.
The default behavior of the TCP/IP stack on this Systems is to not use the Timestamp options
when initiating TCP connections, but use them if the TCP peer that is initiating communication
includes them in their synchronize (SYN) segment.
See the references for more information.
Aected Software/OS
TCP/IPv4 implementations that implement RFC1323.
The remote host implements TCP timestamps, as dened by RFC1323.

Special IP packets are forged and sent with a little delay in between to the target IP. The
responses are searched for a timestamps. If found, the timestamps are reported.
Details: TCP timestamps
OID:1.3.6.1.4.1.25623.1.0.80091
References
Other:
URL:http://www.ietf.org/rfc/rfc1323.txt
URL:http://www.microsoft.com/en-us/download/details.aspx?id=9152
[ return to 180.92.228.38 ]
This le was automatically generated.

Report

Caricato da

Informazioni sul documento

Titolo originale

Copyright

Formati disponibili

Condividi questo documento

Condividi o incorpora il documento

Opzioni di condivisione

Hai trovato utile questo documento?

Questo contenuto è inappropriato?

Copyright:

Formati disponibili

Report

Caricato da

Copyright:

Formati disponibili

Scan Report

July 23, 2019

2.1.1 High general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2

2.1.2 Medium 2461/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.1.3 Medium general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9

2.1.4 Low general/tcp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14

Host High Medium Low Log False Positive

Vendor security updates are not trusted.

2 Results per Host

Host scan start Tue Jul 23 12:28:01 2019 UTC

Service (Port) Threat Level

2.1.1 High general/tcp

High (CVSS: 10.0)

Product detection result

. . . continues on next page . . .

. . . continued from previous page . . .

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

High (CVSS: 9.0)

Product detection result

. . . continued from previous page . . .

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

High (CVSS: 7.8)

. . . continues on next page . . .

. . . continued from previous page . . .

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

High (CVSS: 7.8)

Product detection result

. . . continued from previous page . . .

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

High (CVSS: 7.8)

Product detection result

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

. . . continued from previous page . . .

High (CVSS: 7.5)

Product detection result

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

. . . continues on next page . . .

. . . continued from previous page . . .

2.1.2 Medium 2461/tcp

Medium (CVSS: 5.0)

Vulnerability Detection Result

Vulnerability Detection Method

2.1.3 Medium general/tcp

Medium (CVSS: 6.8)

Product detection result

Vulnerability Detection Result

Vulnerability Detection Method

Product Detection Result

Medium (CVSS: 6.4)

Product detection result

Vulnerability Detection Result

This le was automatically generated.