CVE-2019-3943

Exploit

EPSS 0.58%
Veröffentlicht 10.04.2019 21:29:01
Zuletzt bearbeitet 21.11.2024 04:42:54
Quelle vulnreport@tenable.com
CVE-Watchlists
Login
Unerledigt
Login

MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mikrotik ≫ Routeros SwEditionltr Version <= 6.42.12

Mikrotik ≫ Routeros SwEdition- Version <= 6.43.12

Mikrotik ≫ Routeros Version6.41 Updaterc31 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc32 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc34 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc37 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc38 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc44 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc47 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc50 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc52 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc56 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc61 SwEditiontesting

Mikrotik ≫ Routeros Version6.41 Updaterc66 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc11 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc12 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc14 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc15 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc18 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc2 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc20 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc23 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc24 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc27 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc28 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc30 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc35 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc37 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc39 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc41 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc43 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc46 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc48 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc49 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc5 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc52 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc56 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc6 SwEditiontesting

Mikrotik ≫ Routeros Version6.42 Updaterc9 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc11 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc12 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc14 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc17 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc19 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc21 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc23 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc27 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc29 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc3 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc32 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc34 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc4 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc40 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc42 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc44 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc45 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc5 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc51 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc56 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc6 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc64 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc66 SwEditiontesting

Mikrotik ≫ Routeros Version6.43 Updaterc7 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta14 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta17 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta20 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta28 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta39 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta40 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta50 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta54 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta6 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta61 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta75 SwEditiontesting

Mikrotik ≫ Routeros Version6.44 Updatebeta9 SwEditiontesting

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.679

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	7.5	8	7.8	AV:N/AC:L/Au:S/C:C/I:P/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://www.tenable.com/security/research/tra-2019-16

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-3943

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-3943

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-3943

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-3943