ASA-2019-00423 – MikroTik RouterOS: Excessive resource consumption via FTP


Allele Security Alert

ASA-2019-00423

Identifier(s)

ASA-2019-00423, CVE-2019-13074

Title

Excessive resource consumption via FTP

Vendor(s)

MikroTik

Product(s)

MikroTik RouterOS

Affected version(s)

RouterOS stable version before 6.45.1
RouterOS long-term version before 6.44.5

Fixed version(s)

RouterOS stable version 6.45.1
RouterOS long-term version 6.44.5
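
The per-channel thresholds above can be applied to a device inventory as follows. This is an added example, not part of the original alert or MikroTik tooling; it assumes version strings in the form "6.44.3 (stable)", and the device names and sample inventory are constructed.

```python
import re

# Fixed releases per channel, taken from this alert.
FIXED = {"stable": (6, 45, 1), "long-term": (6, 44, 5)}

# Assumed input format: "<major>.<minor>[.<patch>][suffix] (<channel>)",
# e.g. "6.44.3 (stable)" or "6.44.5 (long-term)".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(\S*)\s*\(([^)]+)\)\s*$")


def classify(version_string):
    """Return 'affected', 'fixed' or 'unknown' for one reported version."""
    m = _VERSION_RE.match(version_string)
    if not m:
        return "unknown"
    major, minor, patch, suffix, channel = m.groups()
    channel = channel.strip().lower()
    # Pre-release builds (beta/rc suffix) and other channels are not
    # covered by the alert, so they are reported for manual review.
    if suffix or channel not in FIXED:
        return "unknown"
    version = (int(major), int(minor), int(patch or 0))
    return "affected" if version < FIXED[channel] else "fixed"


def triage(inventory):
    """Map each device name to its classification."""
    return {name: classify(ver) for name, ver in inventory.items()}


# Constructed sample inventory (hypothetical device names).
SAMPLE = {
    "edge-01": "6.44.3 (stable)",
    "edge-02": "6.45.1 (stable)",
    "core-01": "6.43.16 (long-term)",
    "core-02": "6.44.5 (long-term)",
    "lab-01": "6.45beta54 (testing)",
    "lab-02": "not-a-version",
}

if __name__ == "__main__":
    for name, status in sorted(triage(SAMPLE).items()):
        print(f"{name}: {status}")
```

Devices reported as "unknown" are outside the version ranges this alert states and need a manual check.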

Proof of concept

Unknown

Description

A vulnerability in the FTP daemon on MikroTik routers could allow remote attackers to exhaust all available memory because of uncontrolled resource management, causing the device to reboot.

Technical details

Unknown

Credits

Unknown

Reference(s)

v6.44.5 [long-term] is released!
https://forum.mikrotik.com/viewtopic.php?t=150045

v6.45.1 [stable] is released!
https://forum.mikrotik.com/viewtopic.php?t=149786

Long-term release tree
https://mikrotik.com/download/changelogs/long-term-release-tree

Stable release tree
https://mikrotik.com/download/changelogs/stable-release-tree

CVE-2019-13074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13074

CVE-2019-13074
https://nvd.nist.gov/vuln/detail/CVE-2019-13074

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: July 15, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.