Uncontrolled Resource Consumption Vulnerability in MikroTik RouterOS
CVE-2020-20221

6.5MEDIUM

Key Information:

Vendor

Mikrotik

Status
Routeros
Vendor
CVE Published:
21 July 2021

What is CVE-2020-20221?

MikroTik RouterOS versions prior to 6.44.6 in the long-term tree are affected by an uncontrolled resource consumption issue within the /nova/bin/cerm process. This vulnerability allows an authenticated remote attacker to overload the CPU, leading to a Denial of Service condition. It poses a risk to system stability and availability, requiring timely patching and mitigation strategies.

References

https://cwe.mitre.org/data/definitions/400.html
x_refsource_MISC
https://seclists.org/fulldisclosure/2020/May/30
x_refsource_MISC
https://seclists.org/fulldisclosure/2021/May/1
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.