Path Traversal Vulnerability in MikroTik WinBox Software
CVE-2020-5720

5.9MEDIUM

Key Information:

Vendor: Mikrotik
Status: Mikrotik Winbox
Vendor: CVE Published:; 6 February 2020

What is CVE-2020-5720?

MikroTik WinBox versions before 3.21 are exposed to a path traversal vulnerability that enables attackers to create arbitrary files within locations permitted by WinBox. This exploit could be executed when the software interacts with a malicious endpoint or falls victim to a man-in-the-middle attack, leading to potential unauthorized access and manipulation of critical file system resources.

Affected Version(s)

MikroTik WinBox All versions prior to version 3.21

References

https://www.tenable.com/security/research/tra-2020-07

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 6, 2020
Vulnerability Reserved
Jan 6, 2020

Mikrotik

What is CVE-2020-5720?

Affected Version(s)

References

CVSS V3.1

Timeline