CISA Known Exploited Vulnerability

CVE-2018-7445

MikroTik · RouterOS

MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability

Date added 2022-09-08

BOD 22-01 due date 2022-09-29

CWE CWE-119

Ransomware Unknown

CISA description

In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.

Required action

Apply updates per vendor instructions.

Notes & references

https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download
https://nvd.nist.gov/vuln/detail/CVE-2018-7445

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2018-7445
CVE.org · CVE-2018-7445
CISA KEV catalog (canonical)