Mikrotik PCI DSS External Vulnerability Scan

akarpas · January 28, 2021, 3:55pm

Today we have got a PCI DSS External Vulnerability Scan on one of the sites where we have Mikrotik Router. All went ok except this:

THREAT: The host transmits UDP packets with a constant IP Identification field. This behavior may be exploited to discover the operating system and approximate kernel version of the vulnerable system. Normally, the IP Identification field is intended to be a reasonably unique value, and is used to reconstruct fragmented packets. It has been reported that in some versions of the Linux kernel IP stack implementation as well as other operating systems, UDP packets are transmitted with a constant IP Identification field of 0.

IMPACT: By exploiting this vulnerability, a malicious user can discover the operating system and approximate kernel version of the host. This information can then be used in further attacks against the host.
Severity medium.
CVSS Base Score: 5
TCP/IP CVE ID: CVE-2002-0510
Any experienced geek to bring in more light about this???

pe1chl · January 28, 2021, 4:22pm

You should check if your firewall is configured properly, because normally a router should have little reason to reply to UDP packets sent to it from internet.

akarpas · January 28, 2021, 4:35pm

it says the problem is with kernel the way IP stack sends UDP packets, I doubt its firewall problem, I will extract firewall configuration later on and upload here so you might see what I cant see.

Znevna · January 28, 2021, 5:34pm

I’m eager to see that export.

mixig · January 28, 2021, 6:11pm

http://forum.mikrotik.com/t/cve-2002-0510/116545/1

akarpas · January 29, 2021, 8:37pm

Thank you kindly for this link to the proper post where it was already answered by Mikrotik.