Allele Security Alert
ASA-2019-00473
Identifier(s)
ASA-2019-00473, CVE-2019-13954
Title
Memory exhaustion via a crafted POST request
Vendor(s)
MikroTik
Product(s)
MikroTik RouterOS
Affected version(s)
MikroTik RouterOS long-term release tree before version 6.44.5
MikroTik RouterOS stable release tree before version 6.45.1
Fixed version(s)
MikroTik RouterOS long-term release tree version 6.44.5
MikroTik RouterOS stable release tree version 6.45.1
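The following is an added example, not part of the original alert or of any vendor tooling: a small inventory audit that classifies RouterOS version strings against the fixed versions listed above. It assumes version strings in the form `<version> (<release tree>)`, as RouterOS reports them; the hostnames and the `SAMPLE` inventory are constructed for illustration.

```python
import re

# Fixed versions as stated in this alert, keyed by release tree.
FIXED = {"long-term": (6, 44, 5), "stable": (6, 45, 1)}

# Assumed input format: "6.44.3 (long-term)" or "6.45 (stable)".
VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){1,2})\s*\(([a-z-]+)\)\s*$")


def parse_version(text):
    """Return ((major, minor, patch), tree), or None if not recognised."""
    m = VERSION_RE.match(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "6.45" compares as 6.45.0
    return tuple(parts), m.group(2)


def status(text):
    """Classify one version string as 'affected', 'fixed' or 'unknown'."""
    parsed = parse_version(text)
    if parsed is None or parsed[1] not in FIXED:
        # rc/beta/testing builds and unparsable strings are outside
        # what the alert states, so they need a manual look.
        return "unknown"
    version, tree = parsed
    return "affected" if version < FIXED[tree] else "fixed"


def audit(inventory):
    """Map each host to its status; inventory is {host: version string}."""
    return {host: status(v) for host, v in inventory.items()}


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "edge-01": "6.44.3 (long-term)",
    "edge-02": "6.44.5 (long-term)",
    "core-01": "6.45 (stable)",
    "core-02": "6.45.1 (stable)",
    "lab-01": "6.45rc12 (testing)",
}

if __name__ == "__main__":
    for host, result in sorted(audit(SAMPLE).items()):
        print(f"{host}: {result}")
```

Hosts reported as `unknown` run a build the alert does not cover and should be checked against the vendor changelogs listed in the references.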
Proof of concept
Yes
Description
This vulnerability is similar to CVE-2018-1157. An authenticated user can cause the www binary to consume all memory via a crafted POST request to /jsproxy/upload. The issue results from an incomplete fix for CVE-2018-1157.
Technical details
Based on the public proof of concept for CVE-2018-1157, crafting a filename that ends with many ‘\x00’ bytes bypasses the original fix and triggers the vulnerability.
Credits
Qian Chen (Qihoo 360 Nirvan Team)
Reference(s)
Two vulnerabilities found in MikroTik’s RouterOS
https://seclists.org/fulldisclosure/2019/Jul/20
CVE-2018-1157
https://github.com/tenable/routeros/tree/master/poc/cve_2018_1157
Long-term release tree
https://mikrotik.com/download/changelogs/long-term-release-tree
Stable release tree
https://mikrotik.com/download/changelogs/stable-release-tree
CVE-2018-1157
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1157
CVE-2018-1157
https://nvd.nist.gov/vuln/detail/CVE-2018-1157
CVE-2019-13954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13954
CVE-2019-13954
https://nvd.nist.gov/vuln/detail/CVE-2019-13954
Last modified: November 30, 2020