Now Reading
MikroTik weblog – CVE-2023-32154

MikroTik weblog – CVE-2023-32154

2023-05-22 06:12:43

twenty second Might, 2023 | Security

On 10/05/2023 (Might tenth, 2023) MikroTik obtained details about a brand new vulnerability, which is assigned the ID CVE-2023-32154. The report acknowledged, that vendor (MikroTik) was contacted in December, however we didn’t discover file of such communication. The unique report additionally says, that vendor was knowledgeable in individual in an occasion in Toronto, the place MikroTik was not current in any capability.


What this subject impacts: The problem impacts gadgets working MikroTik RouterOS variations v6.xx and v7.xx with enabled IPv6 commercial receiver performance. You might be solely affected if one of many under settings is utilized:



ipv6/settings/ set accept-router-advertisements=sure

or

ipv6/settings/set ahead=no accept-router-advertisements=yes-if-forwarding-disabled


If the above settings should not arrange like within the instance, you aren’t affected. Be aware that the susceptible setting mixture isn’t usually present in routers and is never used.


What this subject could cause: This vulnerability permits network-adjacent attackers to execute arbitrary code on affected installations of Mikrotik RouterOS. Authentication isn’t required to use this vulnerability.

See Also


Advisable plan of action: You possibly can disable IPv6 commercials, or improve to RouterOS 7.10beta7, 7.9.1, 6.49.8, 6.48.7 or newer variations. Some variations should not but launched, please monitor our obtain web page for modifications.

To blog

Source Link

What's Your Reaction?
Excited
0
Happy
0
In Love
0
Not Sure
0
Silly
0
View Comments (0)

Leave a Reply

Your email address will not be published.

2022 Blinking Robots.
WordPress by Doejo

Scroll To Top