Allele Security Alert
CVE-2019-3978
Identifier(s)
ASA-2019-00618, CVE-2019-3978, TRA-2019-46
Title
Insufficient Protections of a Critical Resource (DNS Requests/Cache)
Vendor(s)
MikroTik
Product(s)
MikroTik RouterOS
Affected version(s)
MikroTik RouterOS Stable versions before 6.45.7
MikroTik RouterOS Long-term versions before 6.44.6
Fixed version(s)
MikroTik RouterOS Stable version 6.45.7
MikroTik RouterOS Long-term version 6.44.6
Proof of concept
Yes
Description
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below allow remote unauthenticated attackers to trigger DNS queries via port 8291. The queries are sent from the router to a server of the attacker’s choice. The DNS responses are cached by the router, potentially resulting in cache poisoning.
Technical details
Unknown
Credits
Jacob Baines (Tenable Research)
Reference(s)
MikroTik RouterOS Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2019-46
RouterOS: Chain to Root
https://medium.com/tenable-techblog/routeros-chain-to-root-f4e0b07c0b21
winbox_dns_request
https://github.com/tenable/routeros/tree/master/poc/winbox_dns_request
MikroTik Routers and Wireless – Software
https://mikrotik.com/download/changelogs
CVE-2019-3978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3978
CVE-2019-3978
https://nvd.nist.gov/vuln/detail/CVE-2019-3978
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: October 31, 2019