Community discussions

MikroTik App
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Topic Author
Posts: 926
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

CVE-2019-15055

Wed Oct 23, 2019 10:05 pm

 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1092
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: CVE-2019-15055

Wed Oct 23, 2019 10:21 pm

Already fixed in 6.45.5 and others. So what?
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Topic Author
Posts: 926
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: CVE-2019-15055

Wed Oct 23, 2019 10:36 pm

Already fixed in 6.45.5 and others. So what?
Would be NICE IF it was mentioned in the following link

https://blog.mikrotik.com/
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21895
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CVE-2019-15055

Wed Oct 23, 2019 11:36 pm

I will not be as polite. The worm should go back in its hole if its going to make posts with 0 value!
It seems mozerd that they are not updating the blog. Good pickup!
(of course this assumes that 15055 is actually covered).
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Topic Author
Posts: 926
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: CVE-2019-15055

Wed Oct 23, 2019 11:53 pm

It seems mozerd that they are not updating the blog. Good pickup!
(of course this assumes that 15055 is actually covered).
Yes 15055 is mentioned in the logs ... MikroTik needs to be much more proactive in making sure that the blog site is uptodate especially where security issues are concerned.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: CVE-2019-15055

Thu Oct 24, 2019 7:58 am

You must have full admin access to the system, and you must be already logged into the system. This is a low priority issue, as described in the CVEDETAILS site.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21895
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CVE-2019-15055

Thu Oct 24, 2019 4:25 pm

Don't mean to ruffle your feathers my friend but....... many clients of MT providers/installers do have full admin access and login. I am a perfect example. I could be the moron giving up the farm, so it may be a low level of concern for enterprise and medium businesses but may be very germane to another segment of MT users and their providers/installers. Of course, my contract states, always disagree with angry red birds, SOB and mkx. ;-)
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: CVE-2019-15055

Thu Oct 24, 2019 5:36 pm

anav, if ability to remove firewall or reset system to defaults also a CVE candidate then?
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21895
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CVE-2019-15055

Thu Oct 24, 2019 5:57 pm

anav, if ability to remove firewall or reset system to defaults also a CVE candidate then?
True enough, I am far more dangerous than the CVE ;-)
 
albinolobster
just joined
Posts: 2
Joined: Tue May 29, 2018 4:09 pm

Re: CVE-2019-15055

Thu Oct 24, 2019 6:13 pm

It should be pointed out that this vulnerability is more severe than reseting passwords. An attacker can use this vulnerability to get a root shell on the router. Unfortunately, MITRE (the org that runs the CVE program) hasn't updated the description. Access to a root shell is pretty concerning. I wrote the details up here: https://medium.com/tenable-techblog/roo ... d7b8665f90

Note that this remains unfixed in Long-term.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Topic Author
Posts: 926
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: CVE-2019-15055

Fri Oct 25, 2019 3:38 pm

It should be pointed out that this vulnerability is more severe than reseting passwords. An attacker can use this vulnerability to get a root shell on the router. Unfortunately, MITRE (the org that runs the CVE program) hasn't updated the description. Access to a root shell is pretty concerning. I wrote the details up here: https://medium.com/tenable-techblog/roo ... d7b8665f90

Note that this remains unfixed in Long-term.
SUPERB post and proof of concept by albinolobster ...... thank you.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26912
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia
Contact:

Re: CVE-2019-15055

Fri Oct 25, 2019 3:50 pm

If you have physical access and admin account, you can already get full access and shell and it's by design. I still don't understand how ANOTHER way to do the same thing is considered a CVE.
 
albinolobster
just joined
Posts: 2
Joined: Tue May 29, 2018 4:09 pm

Re: CVE-2019-15055

Fri Oct 25, 2019 4:21 pm

If you have physical access and admin account, you can already get full access and shell and it's by design.
I'm actually unfamiliar with how an admin is able to access the busybox root shell? There is no feature that I know of that allows for that, at least that I'm aware of.

As you know, a vulnerability is just a crossing of security boundaries. CVE-2019-15055 allows someone to elevate from an admin account to root shell. That seems like a security boundary to me.
 
Sob
Forum Guru
Forum Guru
Posts: 9188
Joined: Mon Apr 20, 2009 9:11 pm

Re: CVE-2019-15055

Fri Oct 25, 2019 4:36 pm

You're not alone. The feature exists, but as far as I know, it's not for public use.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 21895
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: CVE-2019-15055

Fri Oct 25, 2019 5:28 pm

You're not alone. The feature exists, but as far as I know, it's not for public use.
Hey Sob, so what your saying is this is a backdoor for MT support, so as to be able to team viewer into your router, when asked of course, to fix something on the router which requires root access instead of sending the router back to MT or buying another one? I wonder if this only available for those that pay for support directly?? aka a FEATURE LOL.
 
R1CH
Forum Guru
Forum Guru
Posts: 1108
Joined: Sun Oct 01, 2006 11:44 pm

Re: CVE-2019-15055

Fri Oct 25, 2019 7:38 pm

There is a special .npk package you can install that allows you to SSH into a root shell. You can also mount the filesystem offline or use this CVE to do a similar thing, if you have physical access to the router then nothing is really secure.
 
User avatar
mozerd
Forum Veteran
Forum Veteran
Topic Author
Posts: 926
Joined: Thu Oct 05, 2017 3:39 pm
Location: Canada
Contact:

Re: CVE-2019-15055

Fri Oct 25, 2019 8:53 pm

As you know, a vulnerability is just a crossing of security boundaries. CVE-2019-15055 allows someone to elevate from an admin account to root shell. That seems like a security boundary to me.
The POINT you make is exactly correct.
ROOT SHELL is not permitted under RouterOS because it’s proprietary... Closed source ..... locked to its users. Providing the ability to gain root shell is the primary issue because of all that it exposes and enables.

Other os’s like UBNT EdgeMax allow root access because it’s open source and it’s up to the knowledgeable user to control it.

Who is online

Users browsing this forum: anav, nescafe2002, sindy and 18 guests