Allele Security Alert
ASA-2019-00423
Identifier(s)
ASA-2019-00423, CVE-2019-13074
Title
Excessive resource consumption via FTP
Vendor(s)
Mikrotik
Product(s)
Mikrotik RouterOS
Affected version(s)
RouterOS stable version before 6.45.1
RouterOS long-term version before 6.44.5
Fixed version(s)
RouterOS stable version 6.45.1
RouterOS long-term version 6.44.5
Proof of concept
Unknown
Description
A vulnerability in the FTP daemon on MikroTik routers could allow remote attackers to exhaust all available memory, causing the device to reboot because of uncontrolled resource management.
Technical details
Unknown
Credits
Unknown
Reference(s)
v6.44.5 [long-term] is released!
https://forum.mikrotik.com/viewtopic.php?t=150045
v6.45.1 [stable] is released!
https://forum.mikrotik.com/viewtopic.php?t=149786
Long-term release tree
https://mikrotik.com/download/changelogs/long-term-release-tree
Stable release tree
https://mikrotik.com/download/changelogs/stable-release-tree
CVE-2019-13074
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13074
CVE-2019-13074
https://nvd.nist.gov/vuln/detail/CVE-2019-13074
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: July 15, 2019