PT-2021-10452 · Mikrotik · Mikrotik Routeros

Cq674350529

Published

2021-05-18

Updated

2022-05-03

CVE-2020-20227

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Mikrotik RouterOs version 6.47

Description: The issue is related to a memory corruption problem in the /nova/bin/diskd process. It can be exploited by an authenticated remote attacker to cause a Denial of Service due to invalid memory access.

Recommendations: For Mikrotik RouterOs version 6.47, consider restricting access to the /nova/bin/diskd process until a patch is available. As a temporary workaround, monitor the system for signs of invalid memory access and Denial of Service conditions to minimize the impact of potential exploitation.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2020-20227

Affected Products

Mikrotik Routeros

PT-2021-10452 · Mikrotik · Mikrotik Routeros

CVE-2020-20227

Weakness Enumeration

Related Identifiers

Affected Products

References · 5