CVE-2019-3943
Published Apr 10, 2019
Last updated 5 years ago
Overview
- Description
- MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attacker can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk).
- Source
- vulnreport@tenable.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 7.8
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:C/I:P/A:N
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*", "vulnerable": true, "matchCriteriaId": "ACADC6D1-CFEF-4F9D-966C-64D3BB0C2256", "versionEndIncluding": "6.42.12" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "829F9974-1A56-4391-AFA9-4BB4B3096AFD", "versionEndIncluding": "6.43.12" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C7DDCBF9-152C-421C-B326-CCFB62A42C17" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "AA89BEC4-62A8-4DA7-AB2A-2D18A643E3F8" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "BCA389CA-532D-432C-A5C0-69C3CFA207C9" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "5C950CF8-62A1-4A26-9133-108DAB661394" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "EB7ECE0C-B21E-4EFB-85D3-1A5A846D75FB" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC3F259-1C2A-4393-86E2-103495570F49" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C097CA40-9528-43DF-B3B7-59722AE5866A" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A3793BBE-8E1A-4C07-9A52-E6DA4FE0DD3D" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5A816B-6663-4633-886A-AD7E3CBA5E33" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": 
"B851706B-4A98-4FD3-99B0-CE239D419808" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "40D21FB7-E7C5-46B4-B89A-81F84EEB62B5" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "5AAB3F87-47C7-4726-8DF1-09261C7C0613" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B353D6FD-C9FD-4458-82AA-F9FE168B04D9" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A92D37-C91C-4229-9B6D-C8FDB5C1DED7" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B77E44-F502-4164-95A7-60C53F4C465A" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "EAF10AE7-F48F-4FEC-A43A-7E5A45AF5B9C" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "CB43A291-A77C-445D-9F68-1FA21C257561" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "EF252049-8D6D-47D7-9543-3B53D7D0DA6E" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "48006BD1-EF86-4205-A1F7-C8A0D3D73EAE" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "4F4D0CB8-F170-49E1-BB20-E4A3698FCE69" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A6A9B305-ECE5-45C6-8417-BC2AAF9F4FE2" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E76F79DB-F504-4495-B992-E895B0F0871E" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*", "vulnerable": true, 
"matchCriteriaId": "D2B6691E-55DA-4D39-BD80-2BCF16952308" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A710D231-1F22-4F38-B228-30CDF0169149" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "F83EF0A6-CA00-404C-AC6C-14BB10C329B5" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA42D78-29F2-48B4-9422-3D39BA408E43" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "6643B0FC-93D5-4F10-AC3C-323F598C5013" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "02F11653-1822-4D53-A6ED-745AC401AD4B" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF25BBD-CF35-4EE1-8A7A-EEEBD662E0DB" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2D70CCC2-48CF-4DAA-ABDF-B81F3DAA7EBC" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF5E7C1-0426-4B1E-A44F-C91AF4F0CCAC" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "DB9A9D2C-697D-4ED3-9DBC-7A783C35DA91" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C50C6C42-A148-4CBF-B843-D2DB89104387" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "525C6344-D579-4697-B092-94E75EAD7755" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "F81532B9-1525-417E-8BF2-E4A8055D2DE0" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*", "vulnerable": true, 
"matchCriteriaId": "8F9181C2-FF73-4BDF-90EE-00F6B066B7EC" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A44766F0-BCBF-433B-BEB0-13EB334899EF" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2FA5B37B-9EB7-4A1C-9A20-26AFAEC2F221" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D9CCDE-2F9A-4F6F-A457-B9671E1B5874" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "73E3C281-E554-412F-941A-B55BA70AC7F1" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "7F4223D5-0C3D-4C7E-A7B3-D1074A2FE75C" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "0A088124-8494-4E57-87C0-E75EEA4098DF" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "090A232C-1F78-4C92-854D-BA91398770D2" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E4A4F1E1-2510-487D-AC6A-68D4450CDA06" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "28D50A65-95AF-479C-9661-35378B3ED2B4" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8F478173-186D-436D-A200-4F20A7303630" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8E009CEF-1FE9-47B4-BC46-382D972B47EE" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E8E34937-3118-4FA0-B5CD-BA14F64507A7" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*", "vulnerable": true, 
"matchCriteriaId": "9D9786EA-C661-4478-AFA0-00728CBB246D" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "13F7DF28-170C-44E9-B39C-AB4B85B42201" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "9823F4EF-9B49-4E4F-8B89-DF02D61C5146" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "06860FB4-20D8-43B7-B530-CAD0BA186EF6" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "25882AF0-E9A2-4952-A1E3-755A1DBA2D86" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "FE03C935-AC83-4B23-ABA2-67F759F10EA9" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "BD83DCDC-20D5-4580-99BF-79981E081B7D" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "AFE7F815-2B2C-4F22-B1C9-0F13257160C0" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "F662E59F-7C43-4157-83AF-30CDC8CFFEEC" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "85377655-60CC-43C9-96E3-21C136FF0ACE" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8763E04A-F260-498D-8ABB-0655844B5ECD" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB5142B-7FA6-4B74-A462-28C6E1039B76" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B8D222-A633-490C-ADA4-DDF7727B4A5B" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*", "vulnerable": true, 
"matchCriteriaId": "8D2D7A0A-8A4A-412B-9146-BAB84270DCE1" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2FEE0259-3406-41DD-A043-87FD52CFD2DC" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8A8F6139-9A63-4A8A-ACB1-344B36422A61" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD287C7-0032-4CB0-96AF-24D63FE10D45" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2C1433B6-773B-4922-B9FF-4D7255114C3F" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C90C3B68-82AE-4833-BF41-98F5BFB03D78" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE50771-AED1-410A-9BCC-6AE5EB46D278" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B139016D-08F7-4085-ADD9-16396C9B3440" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A0236F88-103D-4CCD-8F6E-440048378E5E" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "BC6967CF-6B88-48F9-8D81-FE4930F400E8" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "019DD6AA-08AD-4A9F-9817-21C776260B0E" }, { "criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B45EB891-09D4-436E-AC6A-A53CC4A6C6EE" } ], "operator": "OR" } ] } ]