Hello everyone,
I read about the CVE-2023-6200 vulnerability in the Linux kernel, which would allow arbitrary code execution on devices via ICMPv6 packets.
Description: A race condition was found in the Linux Kernel. Under certain conditions, an unauthenticated attacker from an adjacent network could send an ICMPv6 router advertisement packet, causing arbitrary code execution.
I would like to know if RouterOS is vulnerable and, if so, what the right mitigations would be.
Currently, many routers using IPv6 accept RAs from provider routers and ICMPv6 packets from the Internet.
CVE-2023-6200 Detail - "AWAITING ANALYSIS": This vulnerability is currently awaiting analysis.
The remote attack is potentially possible in the local network only.
Ongoing analysis is still being conducted regarding when, how, etc. It’s not possible at this time to point out which platforms are affected. Additionally, it’s important to note that the attacker needs access to your local network if you happen to be vulnerable at all.
The mentioned vulnerability is specific to a version 6 (kernel version, not RouterOS version) kernel commit, one which is not present in MikroTik.
On a related note, RouterOS Kernel does not publish RA routes, that is done by our own service. It is a bit more complex than that, but that is the general gist of it, so we are not affected by this.