CVE-2019-16160
[Suggested description]
An integer underflow in the SMB server of MikroTik RouterOS 6.43.16
(x86 and CHR) allows remote unauthenticated attackers to crash the
service.
------------------------------------------
[Additional Information]
The vulnerability likely affects other versions too.
The vulnerability might be exploitable to achieve RCE.
------------------------------------------
[Vulnerability Type]
Integer Overflow
------------------------------------------
[Vendor of Product]
MikroTik
------------------------------------------
[Affected Product Code Base]
RouterOS - 6.43.16
------------------------------------------
[Affected Component]
SMB server
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Denial of Service]
true
------------------------------------------
[Attack Vectors]
Malformed SMB request (pre-auth)
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
Paolo Montesel - https://thebabush.github.io/
------------------------------------------
[Reference]
https://mikrotik.com