CVE-2019-3979
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
RouterOS versions 6.45.6 Stable, 6.44.5 Long-term, and below are vulnerable to a DNS unrelated data attack. The router adds all A records to its DNS cache even when the records are unrelated to the domain that was queried. Therefore, a remote attacker controlled DNS server can poison the router's DNS cache via malicious responses with additional and untrue records.
RouterOS versión 6.45.6 Stable, RouterOS versión 6.44.5 Long-Term y anteriores, son vulnerables a un ataque de datos no relacionado con DNS. El router agrega todos los registros A a su memoria caché DNS incluso cuando los registros no están relacionados con el dominio que se consultó. Por lo tanto, un servidor DNS controlado por un atacante remoto puede envenenar la memoria caché DNS del router mediante respuestas maliciosas con registros adicionales y falsos.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-01-03 CVE Reserved
- 2019-10-28 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-345: Insufficient Verification of Data Authenticity
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://www.tenable.com/security/research/tra-2019-46 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Mikrotik Search vendor "Mikrotik" | Routeros Search vendor "Mikrotik" for product "Routeros" | <= 6.44.5 Search vendor "Mikrotik" for product "Routeros" and version " <= 6.44.5" | ltr |
Affected
| ||||||
Mikrotik Search vendor "Mikrotik" | Routeros Search vendor "Mikrotik" for product "Routeros" | <= 6.45.6 Search vendor "Mikrotik" for product "Routeros" and version " <= 6.45.6" | - |
Affected
|