Intrusion Prevention

MikroTik.RouterOS.SMB.Buffer.Overflow

Description

This indicates an attack attempt against a Buffer Overflow vulnerability in MikroTik RouterOS.
The vulnerability is caused by an error in the SMB service when handling malformed NetBIOS session messages. It allows a remote attacker to gain control of vulnerable systems via crafted NetBIOS session requests.

Affected Products

MikroTik RouterOS < 6.41.3/6.42rc27

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Upgrade to the latest version, available from the web site.
https://mikrotik.com/download

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date	Version	Status	Detail
2019-10-02	14.698	Modified	Sig Added

References

https://www.coresecurity.com/advisories/mikrotik-routeros-smb-buffer-overflow https://www.exploit-db.com/exploits/44290/

ID	45953
Created	Apr 27, 2018
Updated	Nov 15, 2021
CVE ID
Risk
Known Exploited	Yes
Exploit Prediction Score	87.56%
Default Action	drop
Active
Affected OS	Other
Affected App	Other
Profile Type	Buffer Errors

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Intrusion Prevention

MikroTik.RouterOS.SMB.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Intrusion Prevention

MikroTik.RouterOS.SMB.Buffer.Overflow

Description

Affected Products

Impact

Recommended Actions

Coverage

Version Updates

References

Threat Intelligence
Center