QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15055

Published: Aug 26, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

MikroTik RouterOS through 6.44.5 and 6.45.x through 6.45.3 improperly handles the disk name, which allows authenticated users to delete arbitrary files. Attackers can exploit this vulnerability to reset credential storage, which allows them access to the management interface as an administrator without authentication.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://mikrotik.com/download/changelogs/testing-release-tree

x_refsource_CONFIRM

https://fortiguard.com/zeroday/FG-VD-19-108

x_refsource_MISC

https://medium.com/tenable-techblog/rooting-routeros-with-a-usb-drive-16d7b8665f90

x_refsource_MISC

https://github.com/tenable/routeros/tree/master/poc/cve_2019_15055

x_refsource_MISC

https://forum.mikrotik.com/viewtopic.php?t=151603

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.