Details of VAR-200908-0183

ID

VAR-200908-0183

CVE

CVE-2008-6976

TITLE

MicroTik RouterOS In NMS Vulnerability whose settings are changed

Trust: 0.8

sources: JVNDB: JVNDB-2009-004329

DESCRIPTION

MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request. MikroTik RouterOS is prone to a security-bypass vulnerability because the software fails to sufficiently sanitize SNMP requests. This may aid in further attacks. Versions up to and including RouterOS 3.13 and 2.9.51 are vulnerable. MicroTik RouterOS is a solution that turns a standard PC into a network router

Trust: 1.98

sources: NVD: CVE-2008-6976 // JVNDB: JVNDB-2009-004329 // BID: 31025 // VULHUB: VHN-37101

AFFECTED PRODUCTS

vendor:	mikrotik	model:	routeros	scope:	lte	version:	2.9.51	Trust: 1.0
vendor:	mikrotik	model:	routeros	scope:	gte	version:	3.0	Trust: 1.0
vendor:	mikrotik	model:	routeros	scope:	gte	version:	2.0	Trust: 1.0
vendor:	mikrotik	model:	routeros	scope:	lte	version:	3.13	Trust: 1.0
vendor:	microtik	model:	routeros	scope:	eq	version:	3.x to 3.13	Trust: 0.8
vendor:	microtik	model:	routeros	scope:	eq	version:	2.x to 2.9.51	Trust: 0.8
vendor:	microtik	model:	routeros	scope:	eq	version:	2.9.42	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	2.9.43	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	2.9.41	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	3.07	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	3.12	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	2.9.44	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	3.13	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	3.08	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	2.9.45	Trust: 0.6
vendor:	microtik	model:	routeros	scope:	eq	version:	2.9.51	Trust: 0.6
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.51	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.50	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.49	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.48	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.47	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.46	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.45	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.44	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.43	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.42	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.41	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	2.9.40	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.13	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.12	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.11	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.10	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.09	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.08	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.07	Trust: 0.3
vendor:	mikrotik	model:	routeros	scope:	eq	version:	3.0	Trust: 0.3

sources: BID: 31025 // JVNDB: JVNDB-2009-004329 // CNNVD: CNNVD-200908-231 // NVD: CVE-2008-6976

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-6976
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-6976
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200908-231
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-37101
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2008-6976
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-37101
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-37101 // JVNDB: JVNDB-2009-004329 // CNNVD: CNNVD-200908-231 // NVD: CVE-2008-6976

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-37101 // JVNDB: JVNDB-2009-004329 // NVD: CVE-2008-6976

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200908-231

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-200908-231

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-004329

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-37101

PATCH

title:

Top Page

url:

http://www.mikrotik.com/software.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-004329

EXTERNAL IDS

db:	NVD	id:	CVE-2008-6976	Trust: 2.8
db:	BID	id:	31025	Trust: 2.0
db:	EXPLOIT-DB	id:	6366	Trust: 1.7
db:	JVNDB	id:	JVNDB-2009-004329	Trust: 0.8
db:	CNNVD	id:	CNNVD-200908-231	Trust: 0.7
db:	SEEBUG	id:	SSVID-65689	Trust: 0.1
db:	VULHUB	id:	VHN-37101	Trust: 0.1

sources: VULHUB: VHN-37101 // BID: 31025 // JVNDB: JVNDB-2009-004329 // CNNVD: CNNVD-200908-231 // NVD: CVE-2008-6976

REFERENCES

url:	http://www.securityfocus.com/bid/31025	Trust: 1.7
url:	https://www.exploit-db.com/exploits/6366	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/44944	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6976	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6976	Trust: 0.8
url:	http://www.mikrotik.com/software.html	Trust: 0.3

sources: VULHUB: VHN-37101 // BID: 31025 // JVNDB: JVNDB-2009-004329 // CNNVD: CNNVD-200908-231 // NVD: CVE-2008-6976

CREDITS

ShadOS

Trust: 0.9

sources: BID: 31025 // CNNVD: CNNVD-200908-231

SOURCES

db:	VULHUB	id:	VHN-37101
db:	BID	id:	31025
db:	JVNDB	id:	JVNDB-2009-004329
db:	CNNVD	id:	CNNVD-200908-231
db:	NVD	id:	CVE-2008-6976

LAST UPDATE DATE

2025-04-10T23:11:14.672000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-37101	date:	2017-10-04T00:00:00
db:	BID	id:	31025	date:	2015-04-16T17:54:00
db:	JVNDB	id:	JVNDB-2009-004329	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200908-231	date:	2022-02-11T00:00:00
db:	NVD	id:	CVE-2008-6976	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-37101	date:	2009-08-19T00:00:00
db:	BID	id:	31025	date:	2008-09-05T00:00:00
db:	JVNDB	id:	JVNDB-2009-004329	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200908-231	date:	2009-08-19T00:00:00
db:	NVD	id:	CVE-2008-6976	date:	2009-08-19T05:24:52.157