原文:

https://blog.mikrotik.com/security/cve-20193924-dude-agent-vulnerability.html

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

On February 21, Tenable published a new CVE, describing a vulnerability, which allows to proxy a TCP/UDP request through the routers Winbox port, if it's open to the internet. Tenable had previously contacted MikroTik about this issue, so a fix has already been released on February 11, 2019 in all RouterOS release channels.

The issue does not affect RouterBOARD devices with default configuration, if the "Firewall router" checkbox was left enabled. The issue DOES NOT pose any risk to the router itself, file system is not vulnerable, the issue only allows redirection of connections if port is open. Device itself is safe.

The issue is fixed in:

  • 6.43.12 (2019-02-11 14:39)
  • 6.44beta75 (2019-02-11 15:26)
  • 6.42.12 (2019-02-12 11:46)

As always, MikroTik urges all users to keep their devices up to date, to be protected against all known vulnerabilities and make sure your routers administative ports are firewalled from untrusted networks. The "ip services" menu, where you can protect the "winbox" service, also affects the "dude agent" service, so if you have limited access with this menu, it also protects you from this issue.

mikrotik ros CVE-2019–3924 DUDE AGENT VULNERABILITY的更多相关文章

  1. CVE 2019 0708 安装重启之后 可能造成 手动IP地址丢失.

    1. 最近两天发现 更新了微软的CVE 2019-0708的补丁之后 之前设置的手动ip地址会变成 自动获取, 造成ip地址丢失.. 我昨天遇到两个, 今天同事又遇到一个.微软做补丁也不走心啊..

  2. MikroTik RouterOS网址资源收集

    routeros|mikrotik|ros|软路由论坛|中国路由网|软件路由|软件路由器|routeros技术论坛|路由论坛 - Powered by Discuz!   Mikrotik RB450 ...

  3. FlexPaper 2.3.6 远程命令执行漏洞 附Exp

    影响版本:小于FlexPaper 2.3.6的所有版本 FlexPaper (https://www.flowpaper.com) 是一个开源项目,遵循GPL协议,在互联网上非常流行.它为web客户端 ...

  4. CVE-2019-11604 Quest KACE Systems Management Appliance <= 9.0 XSS

    CVE-2019-11604 Quest KACE Systems Management Appliance CVE-2019-11604 Quest KACE Systems Management ...

  5. Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update

    Debian Security Advisory(Debian安全报告) DSA-4414-1 libapache2-mod-auth-mellon security update Package:l ...

  6. Cisco Common Service Platform Collector - Hardcoded Credentials(CVE-2019-1723)

    Cisco Common Service Platform Collector - Hardcoded Credentials 思科公共服务平台收集器-硬编码凭证(CVE-2019-1723) htt ...

  7. CVE: 2014-6271、CVE: 2014-7169 Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏 ...

  8. ROS routeros mikrotik路由器CVE-2018-14847漏洞

    原文: https://securitynews.sonicwall.com/xmlpost/massive-cryptojacking-campaign/ SonicWall is observin ...

  9. [我的CVE][CVE-2017-15708]Apache Synapse Remote Code Execution Vulnerability

    漏洞编号:CNVD-2017-36700 漏洞编号:CVE-2017-15708 漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache ...

随机推荐

  1. Python基础-使用paramiko

    一:简介 paramiko是用python语言写的一个模块,遵循SSH2协议,支持以加密和认证的方式,进行远程服务器的连接. 由于使用的是python这样的能够跨平台运行的语言,所以所有python支 ...

  2. Pushpin How it works

    转自:https://pushpin.org/docs/about/#how-it-works Introduction Pushpin is a reverse proxy server that ...

  3. Unity 官方教程 学习

    Interface & Essentials Using the Unity Interface 1.Interface Overview https://unity3d.com/cn/lea ...

  4. 使用Managed Extensibility Framework方便的扩展应用程序

    概述 Managed Extensibility Framework(MEF)是.NET平台下的一个扩展性管理框架,它是一系列特性的集合,包括依赖注入(DI)以及Duck Typing等.MEF为开发 ...

  5. taro 知识点

    taro 的包: 包名 说明 @tarojs/redux Redux for Taro @tarojs/redux-h5 Forked react-redux for taro @tarojs/plu ...

  6. PHP实现IP访问限制及提交次数的方法详解

    一.原理 提交次数是肯定要往数据库里写次数这个数据的,比如用户登陆,当用户出错时就忘数据库写入出错次数1,并且出错时间,再出错写2,当满比如5次时提示不允许再登陆,请明天再试,然后用DateDiff计 ...

  7. TestNG.xml参数配置-如何控制部分执行@test方法

    如果在methods中标识了@test的方法,也可以在method中通过include和exclude来控制需要执行哪些方法 <include name="testMethod1&qu ...

  8. JSON 反序列化Lis<T>

    JavaScriptSerializer sr = new JavaScriptSerializer();             //List<CSISSIQuestionLibrary> ...

  9. Hadoop Mapreduce 案例 wordcount+统计手机流量使用情况

    mapreduce设计思想 概念:它是一个分布式并行计算的应用框架它提供相应简单的api模型,我们只需按照这些模型规则编写程序,即可实现"分布式并行计算"的功能. 案例一:word ...

  10. Elasticsearch集成HanLP分词器

    1.通过git下载分词器代码. 连接如下:https://gitee.com/hualongdata/hanlp-ext hanlp官网如下:http://hanlp.linrunsoft.com/ ...