Lucene search

MitreCVE-2020-20211

HistoryJul 07, 2021 - 2:15 p.m.

CVE-2020-20211

2021-07-0714:15:09

CWE-617

mitre

web.nvd.nist.gov

mikrotik

routeros

6.44.5

dos

vulnerability

assertion failure

console process

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.4%

JSON

Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.

Affected configurations

Nvd

Node

mikrotikrouterosMatch6.44.5ltr

VendorProductVersionCPE
mikrotikrouteros6.44.5cpe:2.3:o:mikrotik:routeros:6.44.5:*:*:*:ltr:*:*:*

Vendor	Product	Version	CPE
mikrotik	routeros	6.44.5	cpe:2.3:o:mikrotik:routeros:6.44.5::::ltr:::

References

seclists.org/fulldisclosure/2021/May/0

mikrotik.com/

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

50.4%

JSON

Related for CVE-2020-20211