Looks like the security woes continue for MikroTik:

https://www.tenable.com/blog/tenable-research-advisory-multiple-vulnerabilities-discovered-in-mikrotiks-routeros


Tenable Research has discovered several vulnerabilities in RouterOS, an 
operating system used in MikroTik routers. Jacob Baines, the Tenable researcher 
who made the discovery, presented the talk "Bug Hunting in RouterOS" at 
Derbycon on October 7. The vulnerabilities include CVE-2018-1156 -- an 
authenticated remote code execution (RCE) -- as well as a file upload memory 
exhaustion (CVE-2018-1157), a www memory corruption (CVE-2018-1159) and a 
recursive parsing stack exhaustion (CVE-2018-1158). The most critical of these 
vulnerabilities is the authenticated RCE, which would allow attackers to 
potentially gain full system access. They were tested against RouterOS 6.42.3 
(release date: 05-25-2018) using the x86 ISO.

If you've got 'tiks in your environment, time to get patching (again)!


Regards,

-Brad.
_______________________________________________
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
