The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
References
Link | Resource |
---|---|
https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-Of-Service.html | Exploit, Mitigation, Third Party Advisory, VDB Entry |
https://www.exploit-db.com/exploits/48228 | Exploit, Mitigation, Third Party Advisory, VDB Entry |
History
25 May 2021, 14:37
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : 7.8 v3 : 7.5 |
CPE | cpe:2.3:o:mikrotik:rb2011il-in_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb2011ils-in_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:powerbox_pro_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:hex_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1009-7g-1c-1s\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1016-12s-1s\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:hex_poe_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1036-8g-2s\+em_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:hex_poe_lite_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb1100ahx4_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1016-12g_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb2011uias-in_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:hex_s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1036-12g-4s_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb2011uias-rm_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb2011il-rm_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb3011uias-rm_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb1100ahx4_firmware:*:*:dude:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1036-8g-2s\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1036-12g-4s-em_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1009-7g-1c-1s\+pc_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:powerbox_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:rb4011igs\+rm_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:ccr1009-7g-1c-pc_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:mikrotik:hex_lite_firmware:*:*:*:*:*:*:*:* | cpe:2.3:o:mikrotik:routeros:*:*:*:*:*:*:*:* |
Information
Published : 2020-03-23 16:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-10364
Mitre link : CVE-2020-10364
CVE.ORG link : CVE-2020-10364
Products Affected
mikrotik
- ccr1036-8g-2s\+
- rb2011ils-in
- ccr1009-7g-1c-1s\+pc
- rb3011uias-rm
- ccr1036-8g-2s\+em
- ccr1036-12g-4s-em
- hex_poe_lite
- rb2011uias-rm
- powerbox
- rb4011igs\+rm
- hex_lite
- ccr1009-7g-1c-pc
- hex
- rb2011il-rm
- routeros
- hex_s
- rb1100ahx4
- ccr1072-1g-8s\+
- ccr1036-12g-4s
- ccr1016-12g
- rb2011uias-in
- powerbox_pro
- ccr1016-12s-1s\+
- hex_poe
- ccr1009-7g-1c-1s\+
- rb2011il-in
CWE
CWE-770
Allocation of Resources Without Limits or Throttling