MikroTik RouterOS WinBox Session ID Authentication Bypass

Strike ID: E18-ww891
CVSS: 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
False Positive: f
Variants: 1
Year: 2018

Description

This strike exploits a vulnerability in the WinBox tool for MikroTik RouterOS. The vulnerability is due to improper verification of the session ID field during the authentication step. By successfully exploiting this vulnerability, an attacker can obtain the admin credentials of the device.

CVE

References