Medium severity5.9NVD Advisory· Published Feb 27, 2017· Updated May 13, 2026

CVE-2017-6297

Description

The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does not enable IPsec encryption after a reboot, which allows man-in-the-middle attackers to view transmitted data unencrypted and gain access to networks on the L2TP server by monitoring the packets for the transmitted data and obtaining the L2TP secret.

Affected products

Mikrotik/Routeros2 versions
cpe:2.3:o:mikrotik:routeros:6.83.3:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:mikrotik:routeros:6.83.3:*:*:*:*:*:*:*
- cpe:2.3:o:mikrotik:routeros:6.37.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.milne.it/2017/02/24/mikrotik-routeros-security-vulnerability-l2tp-tunnel-unencrypted-cve-2017-6297/nvdExploitThird Party Advisory
www.securityfocus.com/bid/96447nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000