Vulnerability Details : CVE-2020-20214
MikroTik RouterOS 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2020-20214
Probability of exploitation activity in the next 30 days: 0.29%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 65 %
CVSS scores for CVE-2020-20214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:N/A:P | 8.0 | 2.9 | NIST |
6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 2.8 | 3.6 | NIST |
CWE ids for CVE-2020-20214
- The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-20214
- https://mikrotik.com/
  MikroTik Routers and Wireless (Product)
- http://packetstormsecurity.com/files/162513/Mikrotik-RouterOS-6.46.5-Memory-Corruption-Assertion-Failure.html
  Mikrotik RouterOS 6.46.5 Memory Corruption / Assertion Failure ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- http://seclists.org/fulldisclosure/2021/May/15
  Full Disclosure: Four vulnerabilities found in MikroTik's RouterOS (Exploit; Mailing List; Third Party Advisory)
Products affected by CVE-2020-20214
- cpe:2.3:o:mikrotik:routeros:6.44.6:*:*:*:ltr:*:*:*