mikrotik ros CVE-2019-3924 DUDE AGENT VULNERABILITY
Original:
https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html
The issue is fixed in:
- 6.43.12 (2019-02-11 14:39)
- 6.44beta75 (2019-02-11 15:26)
- 6.42.12 (2019-02-12 11:46)
On February 21, Tenable published a new CVE describing a vulnerability that allows a TCP/UDP request to be proxied through the router's Winbox port if it is open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix had already been released on February 11, 2019, in all RouterOS release channels.
The issue does not affect RouterBOARD devices with the default configuration if the "Firewall router" checkbox was left enabled. The issue DOES NOT pose any risk to the router itself: the file system is not vulnerable, and the issue only allows redirection of connections if the port is open. The device itself is safe.
As always, MikroTik urges all users to keep their devices up to date to be protected against all known vulnerabilities, and to make sure their routers' administrative ports are firewalled from untrusted networks. The "ip services" menu, where you can protect the "winbox" service, also affects the "dude agent" service, so if you have limited access with this menu, it also protects you from this issue.
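To check a fleet against the fixed releases listed above, the following added example (not MikroTik's code) parses RouterOS version strings and flags devices that predate the fix for their branch. It assumes version strings in the form shown in the sample, that branches older than 6.42 never received the fix, and that branches newer than 6.44 include it; the inventory is constructed.

```python
import re

# Release stage rank: beta < rc < final. The second number is the build or patch.
STAGE = {"beta": 0, "rc": 1, "": 2}

# Fixed releases from the advisory, keyed by (major, minor) branch.
FIXED = {
    (6, 42): (STAGE[""], 12),      # 6.42.12
    (6, 43): (STAGE[""], 12),      # 6.43.12
    (6, 44): (STAGE["beta"], 75),  # 6.44beta75
}

# Accepts "6.43.12", "6.44beta75", "6.44rc1", "6.44", optionally "... (channel)".
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:(beta|rc)(\d+)|\.(\d+))?(?:\s+\([\w-]+\))?$")

def parse(version):
    """Return ((major, minor), (stage_rank, number)) for a version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {version!r}")
    major, minor, stage, build, patch = m.groups()
    branch = (int(major), int(minor))
    if stage:
        return branch, (STAGE[stage], int(build))
    return branch, (STAGE[""], int(patch or 0))

def has_fix(version):
    """True if the version is at or after the fixed release of its branch."""
    branch, release = parse(version)
    if branch in FIXED:
        return release >= FIXED[branch]
    # Assumption: older branches are unfixed, newer branches carry the fix.
    return branch > max(FIXED)

def audit(inventory):
    """Return sorted names of devices running a release without the fix."""
    return sorted(n for n, v in inventory.items() if not has_fix(v))

# Constructed sample inventory: hostnames and versions are made up.
INVENTORY = {
    "edge-01": "6.43.12 (stable)",    "edge-02": "6.43.11 (stable)",
    "branch-03": "6.42.12 (long-term)", "lab-04": "6.44beta61 (testing)",
    "lab-05": "6.44beta75 (testing)", "core-06": "6.40.9 (long-term)",
    "core-07": "6.44rc1 (testing)",
}

if __name__ == "__main__":
    for name in audit(INVENTORY):
        print(f"{name}: needs upgrade ({INVENTORY[name]})")
```

A passing version check says nothing about exposure: whether the Winbox port is reachable from untrusted networks still has to be verified in the firewall and "ip services" settings.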