MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
References
| Link | Resource |
|---|---|
| https://fortiguard.com/zeroday/FG-VD-19-108 | Third Party Advisory |
| https://forum.mikrotik.com/viewtopic.php?t=151603 | |
| https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055 | Exploit, Third Party Advisory |
| https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90 | Press/Media Coverage, Third Party Advisory |
| https://mikrotik.com/download/changelogs/testing-release-tree | Release Notes, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2019-08-26T20:12:52
Updated: 2020-10-06T11:25:40
Reserved: 2019-08-14T00:00:00
Link: CVE-2019-15055
NVD Information
Status: Modified
Published: 2019-08-26T21:15:11.210
Modified: 2020-10-06T12:15:12.400
Link: CVE-2019-15055
Redhat Information
No data.
CWE