CVE-2019-15055 - Vulnerability Details - OpenCVE

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mikrotik	Routeros

Configuration 1 [-]

OR	cpe:2.3:o:mikrotik:routeros::::::::
	cpe:2.3:o:mikrotik:routeros::::::::

No data.

References

Link	Providers
https://fortiguard.com/zeroday/FG-VD-19-108
https://forum.mikrotik.com/viewtopic.php?t=151603
https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055
https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90
https://mikrotik.com/download/changelogs/testing-release-tree

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-26T20:12:52

Updated: 2024-08-05T00:34:53.153Z

Reserved: 2019-08-14T00:00:00

Link: CVE-2019-15055

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-08-26T21:15:11.210

Modified: 2024-11-21T04:27:58.123

Link: CVE-2019-15055

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T11:25:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}, {"tags": ["x_refsource_MISC"], "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"tags": ["x_refsource_MISC"], "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15055", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://mikrotik.com/download/changelogs/testing-release-tree", "refsource": "CONFIRM", "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}, {"name": "https://fortiguard.com/zeroday/FG-VD-19-108", "refsource": "MISC", "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"name": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90", "refsource": "MISC", "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"name": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055", "refsource": "MISC", "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"name": "https://forum.mikrotik.com/viewtopic.php?t=151603", "refsource": "CONFIRM", "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T00:34:53.153Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15055", "datePublished": "2019-08-26T20:12:52", "dateReserved": "2019-08-14T00:00:00", "dateUpdated": "2024-08-05T00:34:53.153Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A669D0-7960-441F-8B9E-AC28EB6ABEC3", "versionEndIncluding": "6.44.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F9A5A79-1FA9-4812-9930-690EDC94DC05", "versionEndIncluding": "6.45.3", "versionStartIncluding": "6.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."}, {"lang": "es", "value": "MikroTik RouterOS a trav\u00e9s de 6.44.5 y 6.45.x a 6.45.3 maneja incorrectamente el nombre del disco, lo que permite a los usuarios autenticados eliminar archivos arbitrarios. Los atacantes pueden aprovechar esta vulnerabilidad para restablecer el almacenamiento de credenciales, lo que les permite acceder a la interfaz de administraci\u00f3n como administrador sin autenticaci\u00f3n."}], "id": "CVE-2019-15055", "lastModified": "2024-11-21T04:27:58.123", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-26T21:15:11.210", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"source": "cve@mitre.org", "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}