Lucene search

MitreCVE-2020-20230

HistoryJul 19, 2021 - 5:15 p.m.

CVE-2020-20230

2021-07-1917:15:10

CWE-400

mitre

web.nvd.nist.gov

cve-2020-20230

mikrotik routeros

resource consumption

sshd process

denial of service

cpu overload

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

49.7%

JSON

Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU.

Affected configurations

Nvd

Node

mikrotikrouterosRange<6.47

VendorProductVersionCPE
mikrotikrouteros*cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mikrotik	routeros	*	cpe:2.3:o:mikrotik:routeros::::::::

References

cwe.mitre.org/data/definitions/400.html

github.com/cq674350529/pocs_slides/blob/master/advisory/MikroTik/CVE-2020-20230/README.md

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

49.7%

JSON

Related for CVE-2020-20230