CVE-2019-3943

{"id": "CVE-2019-3943", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 7.8, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.8}]}, "published": "2019-04-10T21:29:01.823", "references": [{"url": "https://www.tenable.com/security/research/tra-2019-16", "tags": ["Exploit", "Third Party Advisory"], "source": "vulnreport@tenable.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "vulnreport@tenable.com", "description": [{"lang": "en", "value": "CWE-23"}]}], "descriptions": [{"lang": "en", "value": "MikroTik RouterOS versions Stable 6.43.12 and below, Long-term 6.42.12 and below, and Testing 6.44beta75 and below are vulnerable to an authenticated, remote directory traversal via the HTTP or Winbox interfaces. An authenticated, remote attack can use this vulnerability to read and write files outside of the sandbox directory (/rw/disk)."}, {"lang": "es", "value": "Las versiones de MikroTik RouterOS Stable versi\u00f3n 6.43.12 y versiones posteriores, Long-term versi\u00f3n 6.42.12 y versiones posteriores, y Testing versi\u00f3n 6.44beta75 y versiones anteriores son vulnerables a un salto de directorio remoto autenticado por medio de las interfaces HTTP o Winbox. Un ataque remoto autenticado puede usar esta vulnerabilidad para leer y escribir archivos fuera del directorio sandbox (/rw/disk)."}], "lastModified": "2019-12-17T19:19:10.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:ltr:*:*:*", "vulnerable": true, "matchCriteriaId": "ACADC6D1-CFEF-4F9D-966C-64D3BB0C2256", "versionEndIncluding": "6.42.12"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "829F9974-1A56-4391-AFA9-4BB4B3096AFD", "versionEndIncluding": "6.43.12"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc31:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C7DDCBF9-152C-421C-B326-CCFB62A42C17"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc32:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "AA89BEC4-62A8-4DA7-AB2A-2D18A643E3F8"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc34:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "BCA389CA-532D-432C-A5C0-69C3CFA207C9"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc37:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "5C950CF8-62A1-4A26-9133-108DAB661394"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc38:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "EB7ECE0C-B21E-4EFB-85D3-1A5A846D75FB"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc44:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "3FC3F259-1C2A-4393-86E2-103495570F49"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc47:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C097CA40-9528-43DF-B3B7-59722AE5866A"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc50:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A3793BBE-8E1A-4C07-9A52-E6DA4FE0DD3D"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc52:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "CE5A816B-6663-4633-886A-AD7E3CBA5E33"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc56:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B851706B-4A98-4FD3-99B0-CE239D419808"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc61:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "40D21FB7-E7C5-46B4-B89A-81F84EEB62B5"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.41:rc66:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "5AAB3F87-47C7-4726-8DF1-09261C7C0613"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc11:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B353D6FD-C9FD-4458-82AA-F9FE168B04D9"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc12:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B5A92D37-C91C-4229-9B6D-C8FDB5C1DED7"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc14:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E8B77E44-F502-4164-95A7-60C53F4C465A"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc15:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "EAF10AE7-F48F-4FEC-A43A-7E5A45AF5B9C"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc18:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "CB43A291-A77C-445D-9F68-1FA21C257561"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc2:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "EF252049-8D6D-47D7-9543-3B53D7D0DA6E"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc20:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "48006BD1-EF86-4205-A1F7-C8A0D3D73EAE"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc23:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "4F4D0CB8-F170-49E1-BB20-E4A3698FCE69"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc24:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A6A9B305-ECE5-45C6-8417-BC2AAF9F4FE2"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc27:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E76F79DB-F504-4495-B992-E895B0F0871E"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc28:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "D2B6691E-55DA-4D39-BD80-2BCF16952308"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc30:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A710D231-1F22-4F38-B228-30CDF0169149"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc35:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "F83EF0A6-CA00-404C-AC6C-14BB10C329B5"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc37:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "CDA42D78-29F2-48B4-9422-3D39BA408E43"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc39:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "6643B0FC-93D5-4F10-AC3C-323F598C5013"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc41:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "02F11653-1822-4D53-A6ED-745AC401AD4B"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc43:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF25BBD-CF35-4EE1-8A7A-EEEBD662E0DB"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc46:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2D70CCC2-48CF-4DAA-ABDF-B81F3DAA7EBC"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc48:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF5E7C1-0426-4B1E-A44F-C91AF4F0CCAC"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc49:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "DB9A9D2C-697D-4ED3-9DBC-7A783C35DA91"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc5:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C50C6C42-A148-4CBF-B843-D2DB89104387"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc52:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "525C6344-D579-4697-B092-94E75EAD7755"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc56:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "F81532B9-1525-417E-8BF2-E4A8055D2DE0"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc6:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8F9181C2-FF73-4BDF-90EE-00F6B066B7EC"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.42:rc9:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A44766F0-BCBF-433B-BEB0-13EB334899EF"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc11:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2FA5B37B-9EB7-4A1C-9A20-26AFAEC2F221"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc12:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "D1D9CCDE-2F9A-4F6F-A457-B9671E1B5874"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc14:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "73E3C281-E554-412F-941A-B55BA70AC7F1"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc17:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "7F4223D5-0C3D-4C7E-A7B3-D1074A2FE75C"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc19:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "0A088124-8494-4E57-87C0-E75EEA4098DF"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc21:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "090A232C-1F78-4C92-854D-BA91398770D2"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc23:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E4A4F1E1-2510-487D-AC6A-68D4450CDA06"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc27:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "28D50A65-95AF-479C-9661-35378B3ED2B4"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc29:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8F478173-186D-436D-A200-4F20A7303630"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc3:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8E009CEF-1FE9-47B4-BC46-382D972B47EE"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc32:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "E8E34937-3118-4FA0-B5CD-BA14F64507A7"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc34:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "9D9786EA-C661-4478-AFA0-00728CBB246D"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc4:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "13F7DF28-170C-44E9-B39C-AB4B85B42201"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc40:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "9823F4EF-9B49-4E4F-8B89-DF02D61C5146"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc42:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "06860FB4-20D8-43B7-B530-CAD0BA186EF6"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc44:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "25882AF0-E9A2-4952-A1E3-755A1DBA2D86"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc45:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "FE03C935-AC83-4B23-ABA2-67F759F10EA9"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc5:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "BD83DCDC-20D5-4580-99BF-79981E081B7D"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc51:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "AFE7F815-2B2C-4F22-B1C9-0F13257160C0"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc56:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "F662E59F-7C43-4157-83AF-30CDC8CFFEEC"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc6:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "85377655-60CC-43C9-96E3-21C136FF0ACE"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc64:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8763E04A-F260-498D-8ABB-0655844B5ECD"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc66:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2EB5142B-7FA6-4B74-A462-28C6E1039B76"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.43:rc7:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B8D222-A633-490C-ADA4-DDF7727B4A5B"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta14:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8D2D7A0A-8A4A-412B-9146-BAB84270DCE1"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta17:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2FEE0259-3406-41DD-A043-87FD52CFD2DC"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta20:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "8A8F6139-9A63-4A8A-ACB1-344B36422A61"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta28:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "3FD287C7-0032-4CB0-96AF-24D63FE10D45"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta39:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "2C1433B6-773B-4922-B9FF-4D7255114C3F"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta40:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "C90C3B68-82AE-4833-BF41-98F5BFB03D78"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta50:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "ADE50771-AED1-410A-9BCC-6AE5EB46D278"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta54:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B139016D-08F7-4085-ADD9-16396C9B3440"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta6:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "A0236F88-103D-4CCD-8F6E-440048378E5E"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta61:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "BC6967CF-6B88-48F9-8D81-FE4930F400E8"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta75:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "019DD6AA-08AD-4A9F-9817-21C776260B0E"}, {"criteria": "cpe:2.3:o:mikrotik:routeros:6.44:beta9:*:*:testing:*:*:*", "vulnerable": true, "matchCriteriaId": "B45EB891-09D4-436E-AC6A-A53CC4A6C6EE"}], "operator": "OR"}]}], "sourceIdentifier": "vulnreport@tenable.com"}