Community discussions

MikroTik App
 
markos222
just joined
Topic Author
Posts: 24
Joined: Tue Dec 15, 2015 9:15 pm

IRC vulnerability: CVE-2022-2663

Sat Sep 17, 2022 12:20 pm

Hi

I have seen beta that there is a fix for CVE-2022-2663, how we are afected, is there any mitigation?

How this vuln actuate?

Disabling irc helper is sufficient?

Thanks
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: IRC vulnerability: CVE-2022-2663

Sat Sep 17, 2022 12:59 pm

This is not a "MikroTik" vulnerability, you can not gain any access to RouterBOARD or any other (non-IRC) device if the sevice is active or not,

The attacker can impersonate other endopints only on device where IRC software is executed
and also the device where IRC is present must be NATted.

Just disable IRC helper on /ip firewall service-port
For default I disable useless services on all my RouterBOARD.

Who is online

Users browsing this forum: apitsos, CGGXANNX, GoogleOther [Bot] and 84 guests