CVE-2019-15055 - OpenCVE

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Mikrotik	Routeros

Configuration 1 [-]

OR	cpe:2.3:o:mikrotik:routeros::::::::
	cpe:2.3:o:mikrotik:routeros::::::::

References

Link	Resource
https://fortiguard.com/zeroday/FG-VD-19-108	Third Party Advisory
https://forum.mikrotik.com/viewtopic.php?t=151603
https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055	Exploit Third Party Advisory
https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90	Press/Media Coverage Third Party Advisory
https://mikrotik.com/download/changelogs/testing-release-tree	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-08-26T20:12:52

Updated: 2020-10-06T11:25:40

Reserved: 2019-08-14T00:00:00

Link: CVE-2019-15055

JSON object: View

NVD Information

Status : Modified

Published: 2019-08-26T21:15:11.210

Modified: 2020-10-06T12:15:12.400

Link: CVE-2019-15055

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-06T11:25:40", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}, {"tags": ["x_refsource_MISC"], "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"tags": ["x_refsource_MISC"], "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15055", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://mikrotik.com/download/changelogs/testing-release-tree", "refsource": "CONFIRM", "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}, {"name": "https://fortiguard.com/zeroday/FG-VD-19-108", "refsource": "MISC", "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"name": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90", "refsource": "MISC", "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"name": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055", "refsource": "MISC", "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"name": "https://forum.mikrotik.com/viewtopic.php?t=151603", "refsource": "CONFIRM", "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15055", "datePublished": "2019-08-26T20:12:52", "dateReserved": "2019-08-14T00:00:00", "dateUpdated": "2020-10-06T11:25:40", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*", "matchCriteriaId": "21A669D0-7960-441F-8B9E-AC28EB6ABEC3", "versionEndIncluding": "6.44.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*", "matchCriteriaId": "6F9A5A79-1FA9-4812-9930-690EDC94DC05", "versionEndIncluding": "6.45.3", "versionStartIncluding": "6.45", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication."}, {"lang": "es", "value": "MikroTik RouterOS a trav\u00e9s de 6.44.5 y 6.45.x a 6.45.3 maneja incorrectamente el nombre del disco, lo que permite a los usuarios autenticados eliminar archivos arbitrarios. Los atacantes pueden aprovechar esta vulnerabilidad para restablecer el almacenamiento de credenciales, lo que les permite acceder a la interfaz de administraci\u00f3n como administrador sin autenticaci\u00f3n."}], "id": "CVE-2019-15055", "lastModified": "2020-10-06T12:15:12.400", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-26T21:15:11.210", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://fortiguard.com/zeroday/FG-VD-19-108"}, {"source": "cve@mitre.org", "url": "https://forum.mikrotik.com/viewtopic.php?t=151603"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055"}, {"source": "cve@mitre.org", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mikrotik.com/download/changelogs/testing-release-tree"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}