Security issue
https://www.cvedetails.com/cve/CVE-2019-15055/
Would be NICE IF it was mentioned in the following linkAlready fixed in 6.45.5 and others. So what?
Yes 15055 is mentioned in the logs ... MikroTik needs to be much more proactive in making sure that the blog site is uptodate especially where security issues are concerned.It seems mozerd that they are not updating the blog. Good pickup!
(of course this assumes that 15055 is actually covered).
True enough, I am far more dangerous than the CVEanav, if ability to remove firewall or reset system to defaults also a CVE candidate then?
SUPERB post and proof of concept by albinolobster ...... thank you.It should be pointed out that this vulnerability is more severe than reseting passwords. An attacker can use this vulnerability to get a root shell on the router. Unfortunately, MITRE (the org that runs the CVE program) hasn't updated the description. Access to a root shell is pretty concerning. I wrote the details up here: https://medium.com/tenable-techblog/roo ... d7b8665f90
Note that this remains unfixed in Long-term.
I'm actually unfamiliar with how an admin is able to access the busybox root shell? There is no feature that I know of that allows for that, at least that I'm aware of.If you have physical access and admin account, you can already get full access and shell and it's by design.
Hey Sob, so what your saying is this is a backdoor for MT support, so as to be able to team viewer into your router, when asked of course, to fix something on the router which requires root access instead of sending the router back to MT or buying another one? I wonder if this only available for those that pay for support directly?? aka a FEATURE LOL.You're not alone. The feature exists, but as far as I know, it's not for public use.
The POINT you make is exactly correct.As you know, a vulnerability is just a crossing of security boundaries. CVE-2019-15055 allows someone to elevate from an admin account to root shell. That seems like a security boundary to me.