ASA-2019-00618 – MikroTik RouterOS: Insufficient Protections of a Critical Resource (DNS Requests/Cache)

Posted on by Allele Security Intelligence in Alerts

Allele Security Alert

CVE-2019-3978

Identifier(s)

ASA-2019-00618, CVE-2019-3978, TRA-2019-46

Title

Insufficient Protections of a Critical Resource (DNS Requests/Cache)

Vendor(s)

MikroTik

Product(s)

MikroTik RouterOS

Affected version(s)

MikroTik RouterOS Stable versions before 6.45.7
MikroTik RouterOS Long-term versions before 6.44.6

Fixed version(s)

MikroTik RouterOS Stable version 6.45.7
MikroTik RouterOS Long-term version 6.44.6

Proof of concept

Yes

Description

RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker’s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.

Technical details

Unknown

Credits

Jacob Baines (Tenable Research)

Reference(s)

MikroTik RouterOS Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2019-46

RouterOS: Chain to Root
https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21

winbox_dns_request
https://github.com/tenable/routeros/tree/master/poc/winbox_dns_request

MikroTik Routers and Wireless – Software
https://mikrotik.com/download/changelogs

CVE-2019-3978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3978

CVE-2019-3978
https://nvd.nist.gov/vuln/detail/CVE-2019-3978

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: October 31, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.