CVE-2019-15055

Severity: Medium

Description

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

References

https://mikrotik.com/download/changelogs/testing-release-tree

https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90

https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055

https://forum.mikrotik.com/viewtopic.php?t=151603

https://fortiguard.com/zeroday/FG-VD-19-108

Details

Source: MITRE, NVD

Published: 2019-08-26

Updated: 2020-10-06

Risk Information

CVSS v2

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Severity: Medium