Summary
This document reports on the results of an automatic security scan. All dates are displayed
using the timezone Coordinated Universal Time, which is abbreviated UTC. The
task was 180.92.228.38. The scan started at Tue Jul 23 12:27:51 2019 UTC and ended at
Tue Jul 23 13:32:56 2019 UTC. The report first summarises the results found. Then, for
each host, the report describes every issue found. Please consider the advice given in each
description, in order to rectify the issue.
Contents
1 Result Overview
2 Results per Host
2.1 180.92.228.38
2 RESULTS PER HOST 2
1 Result Overview
This report contains all 12 results selected by the filtering described above. Before filtering
there were 27 results.
Summary
MikroTik RouterOS is prone to a remote code execution vulnerability in the SMB service.
Solution
Solution type: VendorFix
Update to version 6.41.3 or later.
Affected Software/OS
MikroTik RouterOS prior to version 6.41.3.
Vulnerability Insight
The buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS
session request messages. Remote attackers with access to the service can exploit this vulnerability
and gain code execution on the system. The overflow occurs before authentication takes
place, so it is possible for an unauthenticated remote attacker to exploit it.
References
CVE: CVE-2018-7445
Other:
URL:https://www.exploit-db.com/exploits/44290/
URL:https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow
Summary
MikroTik RouterOS is prone to multiple vulnerabilities.
Solution
Solution type: VendorFix
Update to version 6.43, 6.42.7, 6.40.9 or later.
Affected Software/OS
MikroTik RouterOS prior to version 6.42.7 and 6.40.9.
Vulnerability Insight
MikroTik RouterOS is prone to multiple vulnerabilities:
- Stack buffer overflow through the license upgrade interface (CVE-2018-1156)
- Memory exhaustion vulnerability (CVE-2018-1157)
- Stack exhaustion vulnerability (CVE-2018-1158)
- Memory corruption vulnerability (CVE-2018-1159)
References
CVE: CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159
Other:
URL:https://blog.mikrotik.com/security/security-issues-discovered-by-tenable.html
URL:https://mikrotik.com/download/changelogs/bugfix-release-tree
URL:https://mikrotik.com/download/changelogs/release-candidate-release-tree
Summary
MikroTik RouterOS is prone to multiple denial of service vulnerabilities.
Solution
Solution type: VendorFix
Update to version 6.44.5 (LTS), 6.45.1 (Stable) or later.
Affected Software/OS
MikroTik RouterOS prior to version 6.44.5 (LTS) and 6.45.1 (Stable).
References
CVE: CVE-2018-1157, CVE-2018-1158, CVE-2019-11477, CVE-2019-11478, CVE-2019-11479
Other:
URL:https://mikrotik.com/download/changelogs/stable-release-tree
URL:https://mikrotik.com/download/changelogs/long-term-release-tree
Summary
MikroTik is prone to a Denial of Service vulnerability.
Impact
Successful exploitation would allow an attacker to effectively block access to the target host for
an arbitrary timespan.
Solution
Solution type: VendorFix
Update to version 6.42 or above.
Affected Software/OS
MikroTik RouterOS through version 6.41.4.
Vulnerability Insight
A vulnerability in MikroTik Version 6.41.4 could allow an unauthenticated remote attacker to
exhaust all available CPU and all available RAM by sending a crafted FTP request on port 21
that begins with many '\0' characters, preventing the affected router from accepting new FTP
connections. The router will reboot after 10 minutes, logging a 'router was rebooted without
proper shutdown' message.
References
CVE: CVE-2018-10070
Other:
URL:https://packetstormsecurity.com/files/147183/MikroTik-6.41.4-Denial-Of-Service.html
URL:https://mikrotik.com/download
Summary
Multiple DoS vulnerabilities in MikroTik Router OS v6.40.5 and before.
Impact
Successful exploitation would allow an attacker to make the device unavailable.
Solution
Solution type: WillNotFix
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
Affected Software/OS
MikroTik Router OS v6.40.5 and before
Vulnerability Insight
The vulnerabilities allow for two ways of causing a Denial of Service:
- An attacker can flood the device with ICMP packets
- An attacker can connect to TCP port 53 and send data starting with a lot of null-byte characters,
probably related to DNS.
References
CVE: CVE-2017-17538, CVE-2017-17537
Summary
MikroTik RouterOS is vulnerable to an authenticated directory traversal vulnerability.
Impact
An authenticated attacker may have read access to the entire filesystem and write access to all
locations that aren't marked as read-only.
Solution
Solution type: VendorFix
Update to version 6.43.13 (Long-term release), 6.44 (Stable release) or later.
Affected Software/OS
MikroTik RouterOS version 6.42.12 and prior (Long-term release) and 6.43.12 and prior (Stable
release).
Vulnerability Insight
The directory traversal allows an authenticated attacker to access files outside of the sandbox
path with mkdir, read and write access.
References
CVE: CVE-2019-3943
Other:
URL:https://mikrotik.com/download/changelogs/bugfix-release-tree
URL:https://mikrotik.com/download/changelogs/release-candidate-release-tree
URL:https://www.tenable.com/security/research/tra-2019-16
Summary
Your IIS webserver allows the retrieval of ASP/HTR source code.
Impact
An attacker can use this vulnerability to see how your pages interact and find holes in them to
exploit.
Solution
Solution type: WillNotFix
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
References
CVE: CVE-2000-0246
BID:1081
Summary
An issue was discovered in MikroTik RouterOS. Missing OpenVPN server certificate verification
allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious
OpenVPN server.
Impact
Successful exploitation may allow an attacker to gain access to the target host's internal network.
Solution
Solution type: WillNotFix
No known solution was made available for at least one year since the disclosure of this vulnerability.
Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.
Affected Software/OS
MikroTik RouterOS through version 6.41.4
References
CVE: CVE-2018-10066
Other:
URL:https://janis-streib.de/2018/04/11/mikrotik-openvpn-security/
URL:https://mikrotik.com/download
Summary
This host is running MikroTik RouterOS and is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow a remote attacker to connect to the WinBox port and download
a user database file. The remote user can then log in and take control of the router.
Solution
Solution type: VendorFix
Upgrade to MikroTik Router OS version 6.42.1 or 6.43rc4 or later.
Affected Software/OS
MikroTik Router OS versions 6.29 through 6.42, 6.43rcx prior to 6.43rc4
Vulnerability Insight
The flaw exists due to an error in the winbox service of routeros which allows remote users to
download a user database file without successful authentication.
References
CVE: CVE-2018-14847
Other:
Summary
WPA2 as used in MikroTik RouterOS is prone to multiple security weaknesses aka Key
Reinstallation Attacks (KRACK).
Impact
Exploiting these issues may allow an unauthorized user to intercept and manipulate data or
disclose sensitive information. This may aid in further attacks.
Solution
Solution type: VendorFix
Upgrade to one of the following RouterOS versions:
- v6.39.3 or later
- v6.40.4 or later
- v6.41rc or later
Affected Software/OS
Affected modes:
For AP devices: WDS WiFi/nstreme
For CPE devices (MikroTik Station mode): WiFi, nstreme
Affected versions prior to v6.39.3 and v6.40.x prior to v6.40.4.
References
CVE: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
BID:101274
Other:
URL:https://forum.mikrotik.com/viewtopic.php?f=21&t=126695
URL:http://www.securityfocus.com/bid/101274
URL:https://www.krackattacks.com/
URL:https://mikrotik.com/download/changelogs/
Summary
MikroTik RouterOS is vulnerable to an intermediary vulnerability. The software will execute
user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker
can use this vulnerability to bypass the router's firewall or for general network scanning activities.
Solution
Solution type: VendorFix
Update to version 6.42.1, 6.43.12 or later.
Affected Software/OS
MikroTik RouterOS prior to version 6.42.12 and 6.43.12.
References
CVE: CVE-2019-3924
Other:
URL:https://mikrotik.com/download/changelogs/bugfix-release-tree
URL:https://mikrotik.com/download/changelogs/release-candidate-release-tree
URL:https://www.tenable.com/security/research/tra-2019-07
Summary
The remote host implements TCP timestamps and therefore allows the uptime to be computed.
Impact
A side effect of this feature is that the uptime of the remote host can sometimes be computed.
Solution
Solution type: Mitigation
To disable TCP timestamps on Linux, add the line 'net.ipv4.tcp_timestamps = 0' to
/etc/sysctl.conf. Execute 'sysctl -p' to apply the settings at runtime.
To disable TCP timestamps on Windows, execute 'netsh int tcp set global timestamps=disabled'.
Starting with Windows Server 2008 and Vista, the timestamp cannot be completely disabled.
The default behavior of the TCP/IP stack on these systems is to not use the Timestamp options
when initiating TCP connections, but use them if the TCP peer that is initiating communication
includes them in their synchronize (SYN) segment.
See the references for more information.
Affected Software/OS
TCP/IPv4 implementations that implement RFC1323.
Vulnerability Insight
The remote host implements TCP timestamps, as defined by RFC1323.
References
Other:
URL:http://www.ietf.org/rfc/rfc1323.txt
URL:http://www.microsoft.com/en-us/download/details.aspx?id=9152