CVE-2017-7285
published 2017-03-29CVE-2017-7285: A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU…
PriorityP265high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
19.34%
97.0th percentile
A vulnerability in the network stack of MikroTik Version 6.38.5 released 2017-03-09 could allow an unauthenticated remote attacker to exhaust all available CPU via a flood of TCP RST packets, preventing the affected router from accepting new TCP connections.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mikrotik | routeros | — | — |
Detection & IOCsextracted from sources · hover to see the quote
commandTCP RST flood using raw socket (tcp_rst=1, seq=19456, tcp_win=124, tcp_urg_ptr=44, ip_frag_id=19245, ip_ttl=25)↗
- →Detect a flood of TCP RST packets from a single source targeting a MikroTik device; high-rate RST-only packets (RST flag set, no SYN/ACK/FIN) with a fixed sequence number (19456) and window size (124) are characteristic of this exploit. ↗
- →Monitor CPU utilization on MikroTik RouterOS 6.38.5 devices; sustained 100% CPU with simultaneous inability to accept new TCP connections is the primary symptom of exploitation. ↗
- ·The vulnerability is specific to MikroTik RouterOS version 6.38.5 (released 2017-03-09); other versions are not confirmed affected by this CVE. ↗
- ·The attack requires no authentication; any unauthenticated remote attacker with network access to the router can trigger the DoS, making perimeter ACLs blocking unsolicited RST floods the primary mitigation. ↗
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2017-03-29
Published