Vulnerability Description
MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mikrotik | Routeros | <= 6.44.5 |
Related Weaknesses (CWE)
References
- https://fortiguard.com/zeroday/FG-VD-19-108Third Party Advisory
- https://forum.mikrotik.com/viewtopic.php?t=151603
- https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055ExploitThird Party Advisory
- https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665fPress/Media CoverageThird Party Advisory
- https://mikrotik.com/download/changelogs/testing-release-treeRelease NotesVendor Advisory
- https://fortiguard.com/zeroday/FG-VD-19-108Third Party Advisory
- https://forum.mikrotik.com/viewtopic.php?t=151603
- https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055ExploitThird Party Advisory
- https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665fPress/Media CoverageThird Party Advisory
- https://mikrotik.com/download/changelogs/testing-release-treeRelease NotesVendor Advisory
FAQ
What is CVE-2019-15055?
CVE-2019-15055 is a vulnerability with a CVSS score of 6.5 (MEDIUM). MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to res...
How severe is CVE-2019-15055?
CVE-2019-15055 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-15055?
Check the references section above for vendor advisories and patch information. Affected products include: Mikrotik Routeros.