Vulnerability Description
The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system calls, because of uncontrolled resource management.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mikrotik | Routeros | <= 6.44.3 |
| Mikrotik | Ccr1009-7G-1C-1S+ | - |
| Mikrotik | Ccr1009-7G-1C-1S+Pc | - |
| Mikrotik | Ccr1009-7G-1C-Pc | - |
| Mikrotik | Ccr1016-12G | - |
| Mikrotik | Ccr1016-12S-1S+ | - |
| Mikrotik | Ccr1036-12G-4S | - |
| Mikrotik | Ccr1036-12G-4S-Em | - |
| Mikrotik | Ccr1036-8G-2S+ | - |
| Mikrotik | Ccr1036-8G-2S+Em | - |
| Mikrotik | Ccr1072-1G-8S+ | - |
| Mikrotik | Hex | - |
| Mikrotik | Hex Lite | - |
| Mikrotik | Hex Poe | - |
| Mikrotik | Hex Poe Lite | - |
| Mikrotik | Hex S | - |
| Mikrotik | Powerbox | - |
| Mikrotik | Powerbox Pro | - |
| Mikrotik | Rb1100Ahx4 | - |
| Mikrotik | Rb2011Il-In | - |
References
- https://packetstormsecurity.com/files/156790/Microtik-SSH-Daemon-6.44.3-Denial-O (Exploit, Mitigation, Third Party Advisory)
- https://www.exploit-db.com/exploits/48228 (Exploit, Mitigation, Third Party Advisory)
FAQ
What is CVE-2020-10364?
CVE-2020-10364 is a vulnerability with a CVSS score of 7.5 (HIGH). The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU activity, trigger refusal of new authorized connections, and cause a reboot via connect and write system...
How severe is CVE-2020-10364?
CVE-2020-10364 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-10364?
Check the references section above for vendor advisories and patch information. Affected products include: Mikrotik Routeros, Mikrotik Ccr1009-7G-1C-1S+, Mikrotik Ccr1009-7G-1C-1S+Pc, Mikrotik Ccr1009-7G-1C-Pc, Mikrotik Ccr1016-12G.