原文:

https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

On February 21, Tenable published a new CVE, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port, if it's open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix has already been released on February 11, 2019 in all RouterOS release channels.

The issue does not affect RouterBOARD devices with default configuration, if the "Firewall router" checkbox was left enabled. The issue DOES NOT pose any risk to the router itself, file system is not vulnerable, the issue only allows redirection of connections if port is open. Device itself is safe.

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

As always, MikroTik urges all users to keep their devices up to date, to be protected against all known vulnerabilities and make sure your routers administative ports are firewalled from untrusted networks. The "ip services" menu, where you can protect the "winbox" service, also affects the "dude agent" service, so if you have limited access with this menu, it also protects you from this issue.

mikrotik ros CVE-2019–3924 DUDE AGENT VULNERABILITY的更多相关文章

  1. CVE 2019 0708 安装重启之后 可能造成 手动IP地址丢失.

    1. 最近两天发现 更新了微软的CVE 2019-0708的补丁之后 之前设置的手动ip地址会变成 自动获取, 造成ip地址丢失.. 我昨天遇到两个, 今天同事又遇到一个.微软做补丁也不走心啊..

  2. MikroTik RouterOS网址资源收集

    routeros|mikrotik|ros|软路由论坛|中国路由网|软件路由|软件路由器|routeros技术论坛|路由论坛 - Powered by Discuz!   Mikrotik RB450 ...

  3. FlexPaper 2.3.6 远程命令执行漏洞 附Exp

    影响版本:小于FlexPaper 2.3.6的所有版本 FlexPaper (https://www.flowpaper.com) 是一个开源项目,遵循GPL协议,在互联网上非常流行.它为web客户端 ...

  4. CVE-2019-11604 Quest KACE Systems Management Appliance <= 9.0 XSS

    CVE-2019-11604 Quest KACE Systems Management Appliance CVE-2019-11604 Quest KACE Systems Management ...

  5. Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update

    Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update Package:l ...

  6. Cisco Common Service Platform Collector - Hardcoded Credentials(CVE-2019-1723)

    Cisco Common Service Platform Collector - Hardcoded Credentials 思科公共服务平台收集器-硬编码凭证(CVE-2019-1723) htt ...

  7. CVE: 2014-6271、CVE: 2014-7169 Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏 ...

  8. ROS routeros mikrotik路由器CVE-2018-14847漏洞

    原文: https://securitynews.sonicwall.com/xmlpost/massive-cryptojacking-campaign/ SonicWall is observin ...

  9. [我的CVE][CVE-2017-15708]Apache Synapse Remote Code Execution Vulnerability

    漏洞编号:CNVD-2017-36700 漏洞编号:CVE-2017-15708 漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache ...

随机推荐

  1. Go Example--方法

    package main import "fmt" //定义结构体 type rect struct { width,height int } //定义结构体指针的方法 func ...

  2. linux运维发展路线

  3. mysql中 where in 用法详解

    这里分两种情况来介绍 1.in 后面是记录集,如: select  *  from  table  where   uname  in(select  uname  from  user); 2.in ...

  4. 列表(list)的增删改查

    list 可以通过 索引,切片,切片加步长取出列表中的某个元素 列表的增: # 追加 append() 在列表的后面追加元素 #  插入 insert()在列表的某个位置插入元素  会加在你输入位置的 ...

  5. oracle之 单实例监听修改端口

    Oracle 单一主机多个实例多个监听器配置要点   1. 一台服务器主机, 有多个实例, 如: TSDB/ORCL; 又需要配置多个监听器 2. 需要指定不同的LISTENER端口   3.pmon ...

  6. django 保存中文到mysql 报错django.db.utils.DatabaseError: Incorrect string value: '\xE5\xBE\x88\xE7\x81\xB5

    分析: 1.尝试在Python中对数据转码成utf8,'中文'.encode("utf-8"),还是报错 2.观察堆栈发现应该是操作mysql数据库的时候,将数据插入表里出错 所以 ...

  7. django报错解决:view must be a callable or a list/tuple in the case of include().

    django版本:1.11.15 django应用,修改urls.py后,访问报错:TypeError at /view must be a callable or a list/tuple in t ...

  8. 干货-递归下降分析器 笔记(具体看Python Cookbook, 3rd edition 的2.19章节)

    import re import collections # 写将要匹配的正则 NUM = r'(?P<NUM>\d+)' PLUS = r'(?P<PLUS>\+)' MIN ...

  9. PHP中的插件机制原理和实例

    PHP项目中很多用到插件的地方,更尤其是基础程序写成之后很多功能由第三方完善开发的时候,更能用到插件机制,现在说一下插件的实现.特点是无论你是否激活,都不影响主程序的运行,即使是删除也不会影响. 从一 ...

  10. 超级账本Hyperledge的关键部件说明

    帐本(Ledger) Fabric帐本(Ledger)是一系列有序和防篡改的状态转换的记录,结构由一个区块链构成,并将不可变的.有序的记录存放在区块中:同时包含一个状态数据库来记录当前的状态,账本的当 ...