<div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:#000000">Prestar atención si saltan de una version previa a 6.41.x dado que hubo cambios en el manejo de los port switch (master/slave-port).</div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:#000000">Se aconseja verificar coherencia post-upgrade dado que ahora esto se maneja en un bridge con HW-offload, desapareciendo la config master/slave-port de las interfaces eth.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:#000000"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;font-size:small;color:#000000">Saludos!<br></div></div><br><div class="gmail_quote"><div dir="ltr">El mar., 9 oct. 2018 a las 16:10, Lucimara Desiderá (<<a href="mailto:lucimara@cert.br">lucimara@cert.br</a>>) escribió:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><a href="https://thehackernews.com/2018/10/router-hacking-exploit.html" rel="noreferrer" target="_blank">https://thehackernews.com/2018/10/router-hacking-exploit.html</a><br>
<br>
<br>
New Exploit for MikroTik Router WinBox Vulnerability Gives Full Root Access<br>
October 08, 2018Swati Khandelwal<br>
mikrotik router hacking exploit<br>
A known vulnerability in MikroTik routers is potentially far more<br>
dangerous than previously thought.<br>
<br>
A cybersecurity researcher from Tenable Research has released a new<br>
proof-of-concept (PoC) RCE attack for an old directory traversal<br>
vulnerability that was found and patched within a day of its discovery<br>
in April this year.<br>
<br>
The vulnerability, identified as CVE-2018-14847, was initially rated as<br>
medium in severity but should now be rated critical because the new<br>
hacking technique used against vulnerable MikroTik routers allows<br>
attackers to remotely execute code on affected devices and gain a root<br>
shell.<br>
<br>
The vulnerability impacts Winbox—a management component for<br>
administrators to set up their routers using a Web-based interface—and a<br>
Windows GUI application for the RouterOS software used by the MikroTik<br>
devices.<br>
<br>
The vulnerability allows "remote attackers to bypass authentication and<br>
read arbitrary files by modifying a request to change one byte related<br>
to a Session ID."<br>
<br>
New Hack Turned 'Medium' MikroTik Vulnerability Into 'Critical'<br>
<br>
However, the new attack method found by Tenable Research exploits the<br>
same vulnerability and takes it to one step ahead.<br>
<br>
A PoC exploit, called "By the Way," released by Tenable Research Jacob<br>
Baines, first uses directory traversal vulnerability to steal<br>
administrator login credentials from user database file and the then<br>
writes another file on the system to gain root shell access remotely.<br>
<br>
In other words, the new exploit could allow unauthorized attackers to<br>
hack MikroTik's RouterOS system, deploy malware payloads or bypass<br>
router firewall protections.<br>
<br>
The technique is yet another security blow against MikroTik routers,<br>
which was previously targeted by the VPNFilter malware and used in an<br>
extensive cryptojacking campaign uncovered a few months ago.<br>
<br>
New MikroTik Router Vulnerabilities<br>
Besides this, Tenable Research also disclosed additional MikroTik<br>
RouterOS vulnerabilities, including:<br>
<br>
CVE-2018-1156—A stack buffer overflow flaw that could allow an<br>
authenticated remote code execution, allowing attackers to gain full<br>
system access and access to any internal system that uses the router.<br>
CVE-2018-1157—A file upload memory exhaustion flaw that allows an<br>
authenticated remote attacker to crash the HTTP server.<br>
CVE-2018-1159—A www memory corruption flaw that could crash the HTTP<br>
server by rapidly authenticating and disconnecting.<br>
CVE-2018-1158—A recursive parsing stack exhaustion issue that could<br>
crash the HTTP server via recursive parsing of JSON.<br>
<br>
<br>
<br>
The vulnerabilities impact Mikrotik RouterOS firmware versions before<br>
6.42.7 and 6.40.9.<br>
<br>
Tenable Research reported the issues to MikroTik in May, and the company<br>
addressed the vulnerabilities by releasing its RouterOS versions 6.40.9,<br>
6.42.7 and 6.43 in August.<br>
<br>
While all the vulnerabilities were patched over a month ago, a recent<br>
scan by Tenable Research revealed that 70 percent of routers (which<br>
equals to 200,000) are still vulnerable to attack.<br>
<br>
The bottom line: If you own a MikroTik router and you have not updated<br>
its RouterOS, you should do it right now.<br>
<br>
Also, if you are still using default credentials on your router, it is<br>
high time to change the default password and keep a unique, long and<br>
complex password.<br>
_______________________________________________<br>
LACNOG mailing list<br>
<a href="mailto:LACNOG@lacnic.net" target="_blank">LACNOG@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/listinfo/lacnog</a><br>
Cancelar suscripcion: <a href="https://mail.lacnic.net/mailman/options/lacnog" rel="noreferrer" target="_blank">https://mail.lacnic.net/mailman/options/lacnog</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><b>Ivan Chapero<br><span style="color:rgb(102,102,102)">Área Técnica y Soporte</span></b><span style="color:rgb(102,102,102)"> </span><br style="color:rgb(102,102,102)"><span style="color:rgb(102,102,102)">Fijo: 03464-470280 (interno 535)</span> | <span style="color:rgb(102,102,102)">Móvil: 03464-155-20282</span> | <span style="color:rgb(102,102,102)">Skype ID: ivanchapero</span><div><span style="color:rgb(102,102,102)">--</span><br style="color:rgb(102,102,102)"><div style="text-align:center"><span style="color:rgb(102,102,102)">GoDATA Banda Ancha - CABLETEL S.A. | Av. 9 de Julio 1163 - 2183 - Arequito - Santa Fe - Argentina</span></div><br><br><br><br><br><br><br></div></div></div>