CVE-2019-13954

Published: Jul 26, 2019Modified: Nov 21, 2024

6.5

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Mikrotik RouterOS before 6.44.5 (long-term release tree) is vulnerable to memory exhaustion. By sending a crafted HTTP request, an authenticated remote attacker can crash the HTTP server and in some circumstances reboot the system. Malicious code cannot be injected.

Affected (2)

Products: Mikrotik: Routeros

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Mikrotik Routeros	Before 6.44.5
Mikrotik Routeros	Version 6.45

Related CWEs

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (4)

http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2019/Jul/20

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://packetstormsecurity.com/files/153733/Mikrotik-RouterOS-Resource-Stack-Exhaustion.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://seclists.org/fulldisclosure/2019/Jul/20

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

Timeline

No history available yet.