Wrong CVE list comparison?

Question

Wrong CVE list comparison?

j3cc opened this issue a year ago · 0 comments

I updated RouterOS to the current latest version (6.49.8) and rescanned, it shows me the following message:

Version:
	suspicious:
		"CVE-2022-45315"
		"CVE-2022-45313"
	recommendation:
		"RouterOS version: 6.49.8 is vulnerable to CVE(s). Upgrade to the latest version. (The CVEs list is from NVD)"

This might be due to the fact that both CVEs say that any version prior 7.5 or 7.6 are affected. Both interfering with the series 6 branch.

The latest CVE for the 6 series branch is CVE-2023-30799 which only affects RouterOS until version 6.49.7 it seems.