Lucene search

MitreCVE-2020-10364

HistoryMar 23, 2020 - 4:15 p.m.

CVE-2020-10364

2020-03-2316:15:13

CWE-770

mitre

web.nvd.nist.gov

cve-2020-10364

mikrotik

ssh

denial of service

remote attackers

nvd

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

81.9%

JSON

The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.

Affected configurations

Nvd

Node

mikrotikrouterosRange≤6.44.3

AND

mikrotikccr1009-7g-1c-1s\+Match-

mikrotikccr1009-7g-1c-1s\+pcMatch-

mikrotikccr1009-7g-1c-pcMatch-

mikrotikccr1016-12gMatch-

mikrotikccr1016-12s-1s\+Match-

mikrotikccr1036-12g-4sMatch-

mikrotikccr1036-12g-4s-emMatch-

mikrotikccr1036-8g-2s\+Match-

mikrotikccr1036-8g-2s\+emMatch-

mikrotikccr1072-1g-8s\+Match-

mikrotikhexMatch-

mikrotikhex_liteMatch-

mikrotikhex_poeMatch-

mikrotikhex_poe_liteMatch-

mikrotikhex_sMatch-

mikrotikpowerboxMatch-

mikrotikpowerbox_proMatch-

mikrotikrb1100ahx4Match-

mikrotikrb1100ahx4Match-dude

mikrotikrb2011il-inMatch-

mikrotikrb2011il-rmMatch-

mikrotikrb2011ils-inMatch-

mikrotikrb2011uias-inMatch-

mikrotikrb2011uias-rmMatch-

mikrotikrb3011uias-rmMatch-

mikrotikrb4011igs\+rmMatch-

VendorProductVersionCPE
mikrotikrouteros*cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:*
mikrotikccr1009-7g-1c-1s\+-cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\+:-:*:*:*:*:*:*:*
mikrotikccr1009-7g-1c-1s\+pc-cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\+pc:-:*:*:*:*:*:*:*
mikrotikccr1009-7g-1c-pc-cpe:2.3:h:mikrotik:ccr1009-7g-1c-pc:-:*:*:*:*:*:*:*
mikrotikccr1016-12g-cpe:2.3:h:mikrotik:ccr1016-12g:-:*:*:*:*:*:*:*
mikrotikccr1016-12s-1s\+-cpe:2.3:h:mikrotik:ccr1016-12s-1s\+:-:*:*:*:*:*:*:*
mikrotikccr1036-12g-4s-cpe:2.3:h:mikrotik:ccr1036-12g-4s:-:*:*:*:*:*:*:*
mikrotikccr1036-12g-4s-em-cpe:2.3:h:mikrotik:ccr1036-12g-4s-em:-:*:*:*:*:*:*:*
mikrotikccr1036-8g-2s\+-cpe:2.3:h:mikrotik:ccr1036-8g-2s\+:-:*:*:*:*:*:*:*
mikrotikccr1036-8g-2s\+em-cpe:2.3:h:mikrotik:ccr1036-8g-2s\+em:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mikrotik	routeros	*	cpe:2.3:o:mikrotik:routeros::::::::
mikrotik	ccr1009-7g-1c-1s\+	-	cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\+:-:::::::*
mikrotik	ccr1009-7g-1c-1s\+pc	-	cpe:2.3:h:mikrotik:ccr1009-7g-1c-1s\+pc:-:::::::*
mikrotik	ccr1009-7g-1c-pc	-	cpe:2.3:h:mikrotik:ccr1009-7g-1c-pc:-:::::::*
mikrotik	ccr1016-12g	-	cpe:2.3:h:mikrotik:ccr1016-12g:-:::::::*
mikrotik	ccr1016-12s-1s\+	-	cpe:2.3:h:mikrotik:ccr1016-12s-1s\+:-:::::::*
mikrotik	ccr1036-12g-4s	-	cpe:2.3:h:mikrotik:ccr1036-12g-4s:-:::::::*
mikrotik	ccr1036-12g-4s-em	-	cpe:2.3:h:mikrotik:ccr1036-12g-4s-em:-:::::::*
mikrotik	ccr1036-8g-2s\+	-	cpe:2.3:h:mikrotik:ccr1036-8g-2s\+:-:::::::*
mikrotik	ccr1036-8g-2s\+em	-	cpe:2.3:h:mikrotik:ccr1036-8g-2s\+em:-:::::::*

Rows per page:

1-10 of 271

References

packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html

www.exploit-db.com/exploits/48228

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.008

Percentile

81.9%

JSON

Related for CVE-2020-10364