Vulnerability in MikroTik routers leading to code execution when processing IPv6 RA

A critical vulnerability (CVE-2023-32154) has been identified in the RouterOS operating system used in MikroTik routers. It allows an unauthenticated user to execute code on the device by sending a specially crafted IPv6 router advertisement (RA, Router Advertisement).

The problem is caused by the lack of proper validation of externally supplied data in the process responsible for handling IPv6 RA (Router Advertisement) requests, which makes it possible to write data beyond the bounds of the allocated buffer and arrange for execution of your code with root privileges. The vulnerability appears in the MikroTik RouterOS v6.xx and v7.xx branches when receiving IPv6 RA messages is enabled in the settings ("ipv6/settings/set accept-router-advertisements=yes" or "ipv6/settings/set forward=no accept-router-advertisements=yes-if-forwarding-disabled").

The feasibility of exploiting the vulnerability in practice was demonstrated at the Pwn2Own competition in Toronto, where the researchers who identified the problem received a reward of $100,000 for a multi-stage compromise of infrastructure that involved an attack on a MikroTik router and its use as a springboard for attacking other components of the local network (the attackers subsequently gained control of a Canon printer; information about that vulnerability has been disclosed).

Information about the vulnerability was initially published before the vendor had released a fix (0-day), but the RouterOS 7.9.1, 6.49.8, 6.48.7 and 7.10beta8 updates that fix the vulnerability have already been published. According to information from the ZDI (Zero Day Initiative) project, which runs the Pwn2Own competition, the vendor was notified of the vulnerability on December 29, 2022. MikroTik representatives claim that they did not receive the notification and learned about the problem only on May 10, after the final disclosure warning was sent. In addition, the vulnerability report mentions that information about the nature of the problem was passed to a MikroTik representative in person during the Pwn2Own competition in Toronto, but according to MikroTik, MikroTik employees did not take part in the event in any capacity.
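An audit sketch combining the two conditions the article gives (a release older than the fixed versions, and an `/ipv6 settings` configuration that accepts RAs), added here as an example and not taken from MikroTik or ZDI. The function names, the sample exports, the defaults assumed for omitted settings, and the assumption that releases later than the listed ones keep the fix are all illustrative.

```python
import re

def version_status(version):
    """Classify a RouterOS version against the fixed releases named in the article:
    7.9.1, 6.49.8, 6.48.7 and 7.10beta8. Assumes later releases keep the fix."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?", version)
    if not m:
        return "unknown"
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if m[4]:  # pre-release: only the 7.10 beta series can be judged from the article
        if (major, minor, m[4]) == (7, 10, "beta"):
            return "fixed" if int(m[5]) >= 8 else "unfixed"
        return "unknown"
    if major == 6:
        floor = {48: 7, 49: 8}.get(minor)
        if floor is None:
            return "unfixed" if minor < 48 else "unknown"
        return "fixed" if patch >= floor else "unfixed"
    if major == 7:
        return "fixed" if (minor, patch) >= (9, 1) else "unfixed"
    return "unknown"

def ra_accepted(export_text):
    """True when the '/ipv6 settings' section of a config export accepts RAs."""
    # Assumed RouterOS defaults for values that an export omits.
    cfg = {"accept-router-advertisements": "yes-if-forwarding-disabled", "forward": "yes"}
    in_section = False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            in_section = line == "/ipv6 settings"
        elif in_section and line.startswith("set "):
            cfg.update(re.findall(r"([\w-]+)=(\S+)", line))
    accept = cfg["accept-router-advertisements"]
    return accept == "yes" or (accept == "yes-if-forwarding-disabled" and cfg["forward"] == "no")

def assess(version, export_text):
    """Return 'patched', or exposure state plus version status for triage."""
    status = version_status(version)
    if status == "fixed":
        return "patched"
    return ("exposed" if ra_accepted(export_text) else "not-listening") + ":" + status

# Constructed sample exports (not taken from any real device).
SAMPLE_A = "/ip address\nadd address=192.0.2.1/24 interface=ether1\n/ipv6 settings\nset accept-router-advertisements=yes\n"
SAMPLE_B = "/ipv6 settings\nset forward=no\n"
SAMPLE_C = "/ipv6 settings\nset accept-router-advertisements=no\n"

if __name__ == "__main__":
    for ver, cfg in [("7.8", SAMPLE_A), ("6.49.7", SAMPLE_B), ("6.48.6", SAMPLE_C), ("7.9.1", SAMPLE_A)]:
        print(ver, assess(ver, cfg))
```

A device reported as `not-listening:unfixed` still needs the update; the setting only determines whether the RA handling path is reachable today.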

Source: opennet.ru
