Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_MIKROTIK_CVE-2018-14847.NASLHistoryFeb 27, 2024 - 12:00 a.m.
MikroTik RouterOS Path Traversal (CVE-2018-14847)
2024-02-2700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
mikrotik
routeros
vulnerability
directory traversal
winbox interface
unauthenticated
remote attackers
arbitrary files
authenticated
tenable.ot
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
Low
EPSS
0.974
Percentile
100.0%
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(502066);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/27");
script_cve_id("CVE-2018-14847");
script_xref(name:"EDB-ID", value:"45578");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/06/01");
script_name(english:"MikroTik RouterOS Path Traversal (CVE-2018-14847)");
script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"MikroTik RouterOS through 6.42 allows unauthenticated remote attackers
to read arbitrary files and remote authenticated attackers to write
arbitrary files due to a directory traversal vulnerability in the
WinBox interface.
This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
script_set_attribute(attribute:"see_also", value:"https://github.com/BasuCert/WinboxPoC");
script_set_attribute(attribute:"see_also", value:"https://github.com/BigNerd95/WinboxExploit");
# https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?25ba70ca");
script_set_attribute(attribute:"see_also", value:"https://github.com/tenable/routeros/tree/master/poc/bytheway");
script_set_attribute(attribute:"see_also", value:"https://github.com/tenable/routeros/tree/master/poc/cve_2018_14847");
script_set_attribute(attribute:"see_also", value:"https://n0p.me/winbox-bug-dissection/");
script_set_attribute(attribute:"see_also", value:"https://www.exploit-db.com/exploits/45578/");
script_set_attribute(attribute:"solution", value:
"Refer to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-14847");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(22);
script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/02");
script_set_attribute(attribute:"patch_publication_date", value:"2018/08/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/27");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mikrotik:routeros");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Tenable.ot");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("tenable_ot_api_integration.nasl");
script_require_keys("Tenable.ot/MikroTik");
exit(0);
}
include('tenable_ot_cve_funcs.inc');
get_kb_item_or_exit('Tenable.ot/MikroTik');
var asset = tenable_ot::assets::get(vendor:'MikroTik');
var vuln_cpes = {
"cpe:/o:mikrotik:routeros" :
{"versionEndIncluding" : "6.42", "family" : "RouterOS"}
};
tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14847
www.nessus.org/u?25ba70ca
github.com/BasuCert/WinboxPoC
github.com/BigNerd95/WinboxExploit
github.com/tenable/routeros/tree/master/poc/bytheway
github.com/tenable/routeros/tree/master/poc/cve_2018_14847
n0p.me/winbox-bug-dissection/
www.exploit-db.com/exploits/45578/
Related
threatpost
threatpost
Massive Meris Botnet Embeds Ransomware Notes from REvil
2022-03-04 22:46:59
Yandex Pummeled by Potent Meris DDoS Botnet
2021-09-10 16:31:14
Thousands of MikroTik Routers Hijacked for Eavesdropping
2018-09-04 18:34:10
exploitdb
exploitdb
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS < 6.43rc3 - Remote Root
2018-10-10 00:00:00
nessus
nessus
packetstorm
packetstorm
Mikrotik RouterOS Remote Root
2018-10-10 00:00:00
Mikrotik WinBox 6.42 Credential Disclosure
2018-08-17 00:00:00
malwarebytes
malwarebytes
Fake browser update seeks to compromise more MikroTik routers
2018-10-12 15:00:06
thn
thn
Imperva Thwarts 2.5 Million RPS Ransom DDoS Extortion Attacks
2022-03-05 07:53:00
TrickBot Malware Abusing MikroTik Routers as Proxies for Command-and-Control
2022-03-17 10:05:00
Thousands of MikroTik Routers Hacked to Eavesdrop On Network Traffic
2018-09-04 09:53:00
mssecure
mssecure
attackerkb
attackerkb
CVE-2018-14847
2018-08-02 00:00:00
openvas
openvas
impervablog
impervablog
The 3 Biggest DDoS Attacks Imperva Has Mitigated
2022-05-31 15:12:48
nvd
nvd
CVE-2018-14847
2018-08-02 07:29:00
hackread
hackread
exploitpack
exploitpack
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
2018-08-17 00:00:00
MicroTik RouterOS 6.43rc3 - Remote Root
2018-10-10 00:00:00
cvelist
cvelist
CVE-2018-14847
2018-08-02 07:00:00
talosblog
talosblog
VPNFilter III: More Tools for the Swiss Army Knife of Malware
2018-09-26 07:59:00
checkpoint_advisories
checkpoint_advisories
MikroTik RouterOS Winbox Authentication Bypass (CVE-2018-14847)
2018-08-06 00:00:00
mmpc
mmpc
prion
prion
Directory traversal
2018-08-02 07:29:00
cisa_kev
cisa_kev
MikroTik Router OS Directory Traversal Vulnerability
2021-12-01 00:00:00
cve
cve
CVE-2018-14847
2018-08-02 07:29:00
zdt
zdt
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
2018-10-10 00:00:00
rapid7blog
rapid7blog
Metasploit Wrap-Up
2020-11-06 19:55:51
kitploit
kitploit
Darksplitz - Exploit Framework
2019-04-04 21:12:00
cisa
cisa
CISA Adds Five Known Exploited Vulnerabilities to Catalog
2021-12-01 00:00:00
ics
ics
githubexploit
githubexploit
Exploit for CVE-2014-4210
2022-03-19 01:54:15
Exploit for CVE-2014-4210
2022-03-19 01:54:15
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AI Score
7.3
Confidence
Low
EPSS
0.974
Percentile
100.0%
Related for TENABLE_OT_MIKROTIK_CVE-2018-14847.NASL