SSH Daemon Denial of Service Vulnerability in MikroTik Routers
CVE-2020-10364

7.5HIGH

Key Information:

Vendor: Mikrotik
Status: Routeros
Vendor: CVE Published:; 23 March 2020

What is CVE-2020-10364?

The SSH daemon in MikroTik routers, specifically versions up to v6.44.3, is susceptible to a vulnerability that allows remote attackers to exploit uncontrolled resource management. By executing specific connect and write system calls, attackers can generate excessive CPU activity on the affected device. This can ultimately lead to the denial of new authorized connections, potentially resulting in a complete system reboot. Such vulnerabilities highlight significant concerns for device availability and the importance of maintaining up-to-date firmware.

References

https://www.exploit-db.com/exploits/48228

x_refsource_MISC

https://packetstormsecurity.com/files/156790/Microtik-SSH...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 23, 2020
Vulnerability Reserved
Mar 10, 2020

Mikrotik

What is CVE-2020-10364?

References

CVSS V3.1

Timeline