OpenCVE

The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Mikrotik	Routeros

Configuration 1 [-]

OR	cpe:2.3:o:mikrotik:routeros:::::ltr:::*
	cpe:2.3:o:mikrotik:routeros::::::::

No data.

References

Link	Providers
https://github.com/BigNerd95/Chimay-Red
https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-15T00:00:00

Updated: 2024-08-05T21:45:26.039Z

Reserved: 2022-10-15T00:00:00

Link: CVE-2017-20149

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-10-15T02:15:08.497

Modified: 2024-11-21T03:22:44.970

Link: CVE-2017-20149

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*", "matchCriteriaId": "48A6BC6C-0F39-4F53-AC01-D345CB9F8CE0", "versionEndExcluding": "6.37.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*", "matchCriteriaId": "3F7108B6-52D6-4DEA-A936-B3CBE2AE984D", "versionEndExcluding": "6.38.5", "versionStartIncluding": "6.38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Mikrotik RouterOS web server allows memory corruption in releases before Stable 6.38.5 and Long-term 6.37.5, aka Chimay-Red. A remote and unauthenticated user can trigger the vulnerability by sending a crafted HTTP request. An attacker can use this vulnerability to execute arbitrary code on the affected system, as exploited in the wild in mid-2017 and later."}, {"lang": "es", "value": "El servidor web Mikrotik RouterOS permite una corrupci\u00f3n de memoria en versiones anteriores a Stable 6.38.5 y Long-term 6.37.5, tambi\u00e9n se conoce como Chimay-Red. Un usuario remoto y no autenticado puede desencadenar la vulnerabilidad mediante el env\u00edo de una petici\u00f3n HTTP dise\u00f1ada. Un atacante puede utilizar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el sistema afectado, como fue explotado \"in the wild\" mediados de 2017 y m\u00e1s tarde"}], "id": "CVE-2017-20149", "lastModified": "2024-11-21T03:22:44.970", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-10-15T02:15:08.497", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/BigNerd95/Chimay-Red"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/BigNerd95/Chimay-Red"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.bleepingcomputer.com/news/security/hajime-botnet-makes-a-comeback-with-massive-scan-for-mikrotik-routers/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}