CVE-2017-6297

MEDIUM Year: 2017
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-311
View all →

Vulnerability Description

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.

Related Vulnerabilities

CVE-2016-10597

MEDIUM
CVSS:5.9(Medium)

cobalt-cli downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10613

MEDIUM
CVSS:5.9(Medium)

bionode-sra is a Node.js wrapper for SRA Toolkit. bionode-sra downloads data resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2016-10630

MEDIUM
CVSS:5.9(Medium)

install-g-test downloads resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112016

CVE-2017-16041

MEDIUM
CVSS:5.9(Medium)

ikst versions before 1.1.2 download resources over HTTP, which leaves it vulnerable to MITM attacks.

CWE-3112017

CVE-2017-9045

MEDIUM
CVSS:5.9(Medium)

The Google I/O 2017 application before 5.1.4 for Android downloads multiple .json files from http://storage.googleapis.com without SSL, which makes it easier for man-in-the-middle attackers to spoof F...

CWE-3112017

CVE-2019-11404

MEDIUM
CVSS:5.9(Medium)

arrow-kt Arrow before 0.9.0 resolved Gradle build artifacts (for compiling and building the published JARs) over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously com...

CWE-3112019