[cmNOG] MikroTik: URGENT security advisory

PATRICK KOUOBOU patrickouobou at gmail.com
Dim 5 Aou 13:40:16 UTC 2018


FYI.

Le dim. 5 août 2018 à 14:20, MikroTik <no-reply at mikrotik.com> a écrit :

> Hello,
>
> It has come to our attention that a rogue botnet is currently using a
> vulnerability in the RouterOS Winbox service, that was patched in RouterOS
> v6.42.1 in April 23, 2018.
>
> Since all RouterOS devices offer free upgrades with just two clicks, we
> urge you to upgrade your devices with the "Check for updates" button, if
> you haven't done so already.
>
> Steps to be taken:
>
> - Upgrade RouterOS to the latest release
> - Change your password after upgrading
> - Restore your configuration and inspect it for unknown settings
> - Implement a good firewall according to the article here:
>
> https://wiki.mikrotik.com/wiki/Manual:Securing_Your_Router
>
> All versions from 6.29 (release date: 2015/28/05) to 6.42 (release date
> 2018/04/20) are vulnerable. Is your device affected? If you have open
> Winbox access to untrusted networks and are running one of the affected
> versions: yes, you could be affected. Follow advice above. If Winbox is not
> available to internet, you might be safe, but upgrade still recommended.
>
> More information about the issue can be found here:
> https://blog.mikrotik.com
>
> Best regards,
> MikroTik
>
> --
> In order to maintain and improve our business relations, supply goods and
> services, realizing our legitimate interest (like commercial benefits) to
> process personal data without consent provided that it is not overweighed
> by negative effects on your rights and freedoms, MikroTik has so far sent
> you information related to our activity, and we hope that you will continue
> to be interested in receiving such kind of informative messages. We send
> them to inform our customers and partners about MikroTik news, changes and
> improvements in MikroTik products and software that might be relevant to
> you to comply with essential requirements of product sales and usage,
> information about MikroTik training seminars and MUM events, as well as
> other information.
> To unsubscribe from this list please follow the link:
> https://mikrotik.com/unsubscribe/NL478/cGF0cmlja291b2JvdUBnbWFpbC5jb20=
>
-------------- section suivante --------------
Une pièce jointe HTML a été nettoyée...
URL: <https://lists.cmnog.cm/pipermail/cmnog/attachments/20180805/22b8064e/attachment.html>


Plus d'informations sur la liste de diffusion cmNOG