原文:

https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

On February 21, Tenable published a new CVE, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port, if it's open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix has already been released on February 11, 2019 in all RouterOS release channels.

The issue does not affect RouterBOARD devices with default configuration, if the "Firewall router" checkbox was left enabled. The issue DOES NOT pose any risk to the router itself, file system is not vulnerable, the issue only allows redirection of connections if port is open. Device itself is safe.

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

As always, MikroTik urges all users to keep their devices up to date, to be protected against all known vulnerabilities and make sure your routers administative ports are firewalled from untrusted networks. The "ip services" menu, where you can protect the "winbox" service, also affects the "dude agent" service, so if you have limited access with this menu, it also protects you from this issue.

mikrotik ros CVE-2019–3924 DUDE AGENT VULNERABILITY的更多相关文章

  1. CVE 2019 0708 安装重启之后 可能造成 手动IP地址丢失.

    1. 最近两天发现 更新了微软的CVE 2019-0708的补丁之后 之前设置的手动ip地址会变成 自动获取, 造成ip地址丢失.. 我昨天遇到两个, 今天同事又遇到一个.微软做补丁也不走心啊..

  2. MikroTik RouterOS网址资源收集

    routeros|mikrotik|ros|软路由论坛|中国路由网|软件路由|软件路由器|routeros技术论坛|路由论坛 - Powered by Discuz!   Mikrotik RB450 ...

  3. FlexPaper 2.3.6 远程命令执行漏洞 附Exp

    影响版本:小于FlexPaper 2.3.6的所有版本 FlexPaper (https://www.flowpaper.com) 是一个开源项目,遵循GPL协议,在互联网上非常流行.它为web客户端 ...

  4. CVE-2019-11604 Quest KACE Systems Management Appliance <= 9.0 XSS

    CVE-2019-11604 Quest KACE Systems Management Appliance CVE-2019-11604 Quest KACE Systems Management ...

  5. Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update

    Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update Package:l ...

  6. Cisco Common Service Platform Collector - Hardcoded Credentials(CVE-2019-1723)

    Cisco Common Service Platform Collector - Hardcoded Credentials 思科公共服务平台收集器-硬编码凭证(CVE-2019-1723) htt ...

  7. CVE: 2014-6271、CVE: 2014-7169 Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏 ...

  8. ROS routeros mikrotik路由器CVE-2018-14847漏洞

    原文: https://securitynews.sonicwall.com/xmlpost/massive-cryptojacking-campaign/ SonicWall is observin ...

  9. [我的CVE][CVE-2017-15708]Apache Synapse Remote Code Execution Vulnerability

    漏洞编号:CNVD-2017-36700 漏洞编号:CVE-2017-15708 漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache ...

随机推荐

  1. hibernate--DetachedCriteria(离线条件查询)

    一.叙述 离线条件查询的好处,可以在非dao层封装查询参数,封装完成后,将对象传递到dao层,关联到session后,再去查询数据,这样做dao层可以极大的简化代码.下面通过一个小案例,一起来感受一下 ...

  2. spring mvc发送请求404,不能进入处理方法,也不报错

    找了很久找不到原因,那多半是字段绑定出错了.如字段不能为空的如int,double,没传给了空:字段是int的,给了double形式的值(1.0)..这些都会使spring mvc自动绑定出错,而且不 ...

  3. ionic后台返回的数据是html模板的时候,解析html文件的方法:

    1.后台返回来的数据格式是: { "state":"100", "data":[ {"Content": "\ ...

  4. 【java多线程】队列系统之LinkedBlockingQueue源码

    转载:https://blog.csdn.net/tonywu1992/article/details/83419448 http://benjaminwhx.com/archives/ 1.简介 上 ...

  5. MySQL--时间戳与时区问题

    对于使用 timestamp 的场景,MySQL 在访问 timestamp 字段时会做时区转换,当 time_zone 设置为 system 时,MySQL 访问每一行的 timestamp 字段时 ...

  6. lua-resty-shell 多任务执行

    已经写过一个openresty 使用lua-resty-shell 执行shell 脚本的demo,但是实际上我们可能是多节点运行, 同时需要负载均衡的机制. lua-resty-shell 支持un ...

  7. 如何对 PHP 代码加密?

    这几天有同事问如何对 PHP 代码进行加密? 在我印象中 PHP 加密还是比较麻烦的,之前只知道 Zend Guard . 刚刚找了一圈发现现在还是有很多可行的方案,先记录一下,以后使用. 使用混淆 ...

  8. JCP与JSR

    JCP Java Community Process ,Java社区进程,Java标准指定组织JCP成立于1998年,官网,由社会各界Java组成的社区,规划和领导Java的发展,其成员可以在这里看到 ...

  9. vscode vue eslint 快捷键格式化代码

    添加vetur , eslint插件   在工作区添加以下代码   "workbench.startupEditor": "welcomePage", &quo ...

  10. 怎么在vi和vim上查找字符串

    教你怎么在vi和vim上查找字符串 我们以samba的配置文件为例,搜索一个user的字符串. vim /etc/samba/smb.conf 打开smb.conf      命令模式下,输入/use ...