The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-02-27T07:25:00

Updated: 2024-08-05T15:25:48.822Z

Reserved: 2017-02-23T00:00:00

Link: CVE-2017-6297

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2017-02-27T07:59:00.347

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-6297

cve-icon Redhat

No data.