PT-2020-1957 · Mikrotik · Routeros+1

Published: 2020-03-19 · Updated: 2021-07-21 · CVE-2020-10364

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

MikroTik RouterOS versions through 6.44.3

Description

The issue is related to uncontrolled resource management in the SSH daemon of MikroTik routers. This could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls.

Recommendations

For versions through 6.44.3, update to a version later than 6.44.3 to resolve the issue. As a temporary workaround, consider restricting access to the SSH daemon to minimize the risk of exploitation.

Exploit

Fix

Allocation of Resources Without Limits

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2020-01255
CVE-2020-10364

Affected Products

Mikrotik Routeros
Routeros