CVE-2023-30800 - OpenCVE

The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Mikrotik	Routeros

Configuration 1 [-]

cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*

References

Link	Resource
https://vulncheck.com/advisories/mikrotik-jsproxy-dos	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: VulnCheck

Published: 2023-09-07T15:43:54.429Z

Updated: 2023-09-07T15:43:54.429Z

Reserved: 2023-04-18T10:31:45.962Z

Link: CVE-2023-30800

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-09-07T16:15:07.670

Modified: 2023-09-12T14:18:05.673

Link: CVE-2023-30800

JSON object: View

Redhat Information

No data.

CWE

CWE-787

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-30800", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2023-04-18T10:31:45.962Z", "datePublished": "2023-09-07T15:43:54.429Z", "dateUpdated": "2023-09-07T15:43:54.429Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "platforms": ["x86", "ARM", "PPC", "MIPSBE"], "product": "RouterOS", "vendor": "MikroTik", "versions": [{"status": "unaffected", "version": "6.49.10"}, {"status": "affected", "version": "6.49.9"}, {"status": "affected", "version": "6.48.8"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Jacob Baines"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.<br>"}], "value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n"}], "impacts": [{"capecId": "CAPEC-123", "descriptions": [{"lang": "en", "value": "CAPEC-123 Buffer Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2023-09-07T15:43:54.429Z"}, "references": [{"url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"}], "source": {"discovery": "UNKNOWN"}, "title": "MikroTik RouterOS Web Interface Heap Corruption", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*", "matchCriteriaId": "3C171D42-9A4F-43E0-BF7C-13A7FEC2F049", "versionEndExcluding": "6.49.10", "versionStartIncluding": "6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The web server used by MikroTik RouterOS version 6 is affected by a heap memory corruption issue. A remote and unauthenticated attacker can corrupt the server's heap memory by sending a crafted HTTP request. As a result, the web interface crashes and is immediately restarted. The issue was fixed in RouterOS 6.49.10 stable. RouterOS version 7 is not affected.\n"}, {"lang": "es", "value": "El servidor web utilizado por MikroTik RouterOS versi\u00f3n 6 se ve afectado por un problema de corrupci\u00f3n de memoria. Un atacante remoto y no autenticado puede da\u00f1ar la memoria de almacenamiento din\u00e1mico del servidor mediante el env\u00edo de una solicitud HTTP manipulada. Como resultado, la interfaz web se bloquea y se reinicia inmediatamente. El problema se solucion\u00f3 en RouterOS 6.49.10 stable. RouterOS versi\u00f3n 7 no se ve afectado."}], "id": "CVE-2023-30800", "lastModified": "2023-09-12T14:18:05.673", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2023-09-07T16:15:07.670", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://vulncheck.com/advisories/mikrotik-jsproxy-dos"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}