During some research which found CVE-2018-19298 (MikroTik IPv6 Neighbor Discovery Protocol exhaustion), I uncovered a larger problem with MikroTik RouterOS’s handling of IPv6 packets. This led to CVE-2018-19299, an unpublished and as yet unfixed (despite almost one year elapsing since vendor acknowledgement) vulnerability in RouterOS which allows for remote, unauthenticated denial of service. Unpublished… until UKNOF 43!
Previously given at NetMcr (today). Two attendees suggested this as material for UKNOF43.
|May we publish the slides on our website?||Yes|
|May we live webcast the talk?<br />(recordings will be available publicly online)||Yes|
|Your consent for us to publish your name and<br />affiliation as a Speaker on the UKNOF43 website||Yes|
|Talk Duration||15 minutes|