 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.810609 |
| Category: | General |
| Title: | MikroTik RouterOS 'L2TP' Man-in-the-Middle Attack Vulnerability (Feb 2017) |
| Summary: | MikroTik RouterOS is prone to a man in the middle attack; vulnerability. |
| Description: | Summary: MikroTik RouterOS is prone to a man in the middle attack vulnerability. Vulnerability Insight: The flaw exists due to an error in the L2TP client which does not enable IPsec encryption after a reboot. Vulnerability Impact: Successful exploitation will allow remote attackers to view unencrypted transmitted data and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret. Affected Software/OS: MikroTik RouterOS versions 6.83.3 and 6.37.4 Solution: Update to version 6.37.5, 6.83.4 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-6297 BugTraq ID: 96447 http://www.securityfocus.com/bid/96447 https://blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/ |
| Copyright | Copyright (C) 2017 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |