PatchSiren cyber security CVE debrief
CVE-2017-6297 Mikrotik CVE debrief
CVE-2017-6297 describes a MikroTik RouterOS L2TP client issue where IPsec encryption may not be enabled after a reboot. In the affected versions identified by NVD, L2TP traffic can be exposed in transit, allowing a man-in-the-middle attacker to view transmitted data unencrypted and potentially obtain the L2TP secret needed to access the server network. The vulnerability was published on 2017-02-27 and is rated medium severity.
- Vendor: Mikrotik
- Product: CVE-2017-6297
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2017-02-27
- Original CVE updated: 2026-05-13
- Advisory published: 2017-02-27
- Advisory updated: 2026-05-13
Who should care
Administrators running MikroTik RouterOS L2TP client configurations, especially in environments that rely on IPsec to protect L2TP sessions. Network security teams should also care, because the failure mode affects confidentiality on the wire and can expose credentials or secrets used for access.
Technical summary
The NVD description and CVSS vector indicate a network-reachable confidentiality issue with no integrity or availability impact. The weakness is categorized as CWE-311 (Missing Encryption of Sensitive Data). The affected CPE entries in the supplied corpus specifically name MikroTik RouterOS 6.83.3 and 6.37.4. According to the CVE description, after reboot the L2TP client does not enable IPsec encryption, leaving traffic unencrypted and vulnerable to interception by a MITM adversary. The supplied sources do not include vendor patch details or a fixed-version statement.
Defensive priority
Medium. Prioritize if the affected RouterOS versions are used for remote access, site-to-site connectivity, or any path where L2TP confidentiality is expected to protect credentials or internal traffic.
Recommended defensive actions
- Inventory MikroTik RouterOS systems using L2TP client connections and confirm whether versions 6.83.3 or 6.37.4 are present.
- Verify that IPsec protection is enabled after reboot on any affected L2TP client deployments.
- Monitor for unexpected unencrypted L2TP traffic on networks where IPsec is required.
- Treat L2TP secrets and related credentials as sensitive exposure risks if the affected configuration is in use.
- Follow the official CVE and NVD records for any additional vendor remediation information or version guidance.
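The monitoring action above, as an added example (not part of the original debrief or of any MikroTik tooling): a Python classifier that flags L2TP headers visible on the wire in raw IPv4 packets. It assumes L2TP on UDP 1701 and IPsec as ESP (IP protocol 50) or ESP-in-UDP on port 4500; the addresses and packets are constructed samples.

```python
import socket
import struct

L2TP_PORT, NATT_PORT = 1701, 4500   # RFC 2661 L2TP; RFC 3948 ESP-in-UDP
PROTO_UDP, PROTO_ESP = 17, 50

def classify(pkt: bytes) -> str:
    """Classify one raw IPv4 packet captured on the L2TP client's WAN side."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20:
        return "other"
    if pkt[9] == PROTO_ESP:
        return "ipsec-esp"
    frag_offset = struct.unpack_from("!H", pkt, 6)[0] & 0x1FFF
    if pkt[9] != PROTO_UDP or frag_offset or len(pkt) < ihl + 8:
        return "other"            # non-UDP, or no UDP header in this fragment
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    data = pkt[ihl + 8:]
    if NATT_PORT in (sport, dport):
        # RFC 3948: four zero bytes mark IKE; a non-zero SPI means ESP-in-UDP.
        return "ipsec-natt" if len(data) >= 4 and data[:4] != b"\0\0\0\0" else "other"
    if L2TP_PORT in (sport, dport) and len(data) >= 2 and data[1] & 0x0F == 2:
        return "l2tp-cleartext"   # L2TPv2 header visible outside any ESP wrapper
    return "other"

def cleartext_l2tp_flows(packets):
    """Return sorted (src, dst) pairs that sent L2TP without IPsec protection."""
    return sorted({(socket.inet_ntoa(p[12:16]), socket.inet_ntoa(p[16:20]))
                   for p in packets if classify(p) == "l2tp-cleartext"})

# --- constructed sample packets (documentation addresses, checksums left at 0) ---
def _ipv4(proto, src, dst, body):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + body

def _udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

SERVER = "198.51.100.1"
SAMPLES = [
    _ipv4(17, "192.0.2.10", SERVER, _udp(1701, 1701, bytes.fromhex("c802000c00000000"))),
    _ipv4(50, "192.0.2.20", SERVER, bytes.fromhex("0000123400000001") + b"\xaa" * 16),
    _ipv4(17, "192.0.2.30", SERVER, _udp(4500, 4500, bytes.fromhex("0000abcd00000001"))),
    _ipv4(17, "192.0.2.30", SERVER, _udp(4500, 4500, b"\0" * 4 + b"\x11" * 8)),
]

if __name__ == "__main__":
    for src, dst in cleartext_l2tp_flows(SAMPLES):
        print(f"ALERT cleartext L2TP {src} -> {dst}")
```

Run against packets captured after a router reboot, any flow this reports is L2TP that left the client without IPsec protection.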
Evidence notes
The CVE record and NVD detail both identify the issue as an L2TP client/IPsec encryption failure in MikroTik RouterOS. The supplied NVD metadata lists affected CPEs for RouterOS 6.83.3 and 6.37.4 and maps the weakness to CWE-311. The CVSS vector is AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N, which matches a network-exposed confidentiality problem. No KEV entry is present in the supplied timeline/enrichment data. The supplied corpus does not include vendor patch notes or a remediation bulletin.
Official resources
- CVE-2017-6297 CVE record (CVE.org)
- CVE-2017-6297 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Third Party Advisory, VDB Entry
- Mitigation or vendor reference: [email protected] - Exploit, Third Party Advisory
Publicly disclosed on 2017-02-27. The supplied timeline shows the NVD record was last modified on 2026-05-13. No KEV listing is provided in the supplied data.