Vulnerability Details : CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.
Vulnerability category: Overflow
CVE-2018-7445
is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.
Notes:
https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download
Added on
2022-09-08
Action due date
2022-09-29
Exploit prediction scoring system (EPSS) score for CVE-2018-7445
Probability of exploitation activity in the next 30 days: 90.19%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2018-7445
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
[email protected] |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
[email protected] |
CWE ids for CVE-2018-7445
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: [email protected] (Primary)
References for CVE-2018-7445
-
https://www.exploit-db.com/exploits/44290/
Exploit;Third Party Advisory;VDB Entry
-
https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow
Exploit;Third Party Advisory
-
http://seclists.org/fulldisclosure/2018/Mar/38
Exploit;Mailing List;Third Party Advisory;VDB Entry
-
http://www.securityfocus.com/bid/103427
Third Party Advisory;VDB Entry
Products affected by CVE-2018-7445
- cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc5:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc2:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc20:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc18:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc15:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc14:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc27:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc23:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc12:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc9:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc24:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc11:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.4.2:rc6:*:*:*:*:*:*