CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-10066

An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN server certificate verification allows a remote unauthenticated attacker capable of intercepting client traffic to act as a malicious OpenVPN server. This may allow the attacker to gain access to the client's internal network (for example, at site-to-site tunnels).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.008

EPSS Ranking 72.4%

CVSS Severity

CVSS v3 Score 8.1

CVSS v2 Score 6.8

References

https://janis-streib.de/2018/04/11/mikrotik-openvpn-security
https://janis-streib.de/2018/04/11/mikrotik-openvpn-security

Products affected by CVE-2018-10066

Mikrotik » Routeros » Version: 6.41.4

cpe:2.3:a:mikrotik:routeros:6.41.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-10066

Products

Pricing

Contact Us