CVE-2020-20231 in MikroTik

Summary

by MITRE • 07/15/2021

MikroTik RouterOS through stable version 6.48.3 suffers from a memory corruption vulnerability in the /nova/bin/detnet process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).

Analysis

by VulDB Data Team • 07/18/2021

The vulnerability identified as CVE-2020-20231 affects MikroTik RouterOS versions up to and including 6.48.3, specifically within the /nova/bin/detnet process. This memory corruption flaw represents a significant security concern for network infrastructure devices running affected firmware versions. The issue manifests as a NULL pointer dereference that can be exploited by authenticated remote attackers to trigger a denial of service condition, effectively disrupting network operations and potentially compromising network availability.

The technical nature of this vulnerability places it within the scope of CWE-476, which categorizes NULL pointer dereference as a common programming error that can lead to system instability and service disruption. The detnet process in question appears to handle network data transmission or processing functions, making it a critical component within the RouterOS architecture. When an authenticated attacker sends specially crafted requests to this process, the system attempts to dereference a NULL pointer, causing the process to crash and resulting in a denial of service condition that affects network connectivity and router functionality.

From an operational impact perspective, this vulnerability allows authenticated remote attackers to perform denial of service attacks against MikroTik devices without requiring physical access or complex exploitation techniques. The authenticated nature of the attack means that an attacker must first establish valid credentials, but this requirement does not significantly mitigate the risk given that many network devices may have default credentials or credentials that have been compromised through other means. The impact extends beyond simple service disruption as network administrators may experience extended downtime while investigating and resolving the issue, potentially affecting business continuity and network reliability.

The ATT&CK framework categorizes this vulnerability under the T1499.004 technique for network denial of service, where adversaries leverage system weaknesses to disrupt network services. Organizations running affected MikroTik devices should prioritize patch management and firmware updates to address this vulnerability. The recommended mitigation strategy involves upgrading to RouterOS version 6.48.4 or later, which contains the necessary fixes to prevent the NULL pointer dereference in the detnet process. Additionally, network administrators should implement monitoring solutions to detect unusual patterns of authentication attempts or process crashes that may indicate exploitation attempts, while maintaining strict access controls and credential management practices to prevent unauthorized access to network devices.
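The upgrade guidance above can be checked across a fleet with a short inventory audit. This is an added example, not code from VulDB, MITRE or MikroTik; the version-string shapes it accepts, the function names and the sample hostnames are assumptions, and the affected/fixed boundary is taken only from the versions stated on this page.

```python
import re

# Boundary from the advisory text: affected through 6.48.3, fixed in 6.48.4.
LAST_AFFECTED = (6, 48, 3)

# Assumed version-string shapes: "6.48.3", "6.48.3 (stable)",
# "6.47.10 (long-term)", "6.49beta12", "7.1rc4".
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(beta|rc)?(\d+)?(?:\s*\(([\w-]+)\))?\s*$"
)


def classify(version):
    """Return 'affected', 'fixed' or 'review' for one reported version string."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return "review"  # missing or unparseable: needs a manual look
    major, minor, patch, stage, _num, _channel = m.groups()
    release = (int(major), int(minor), int(patch or 0))
    if release <= LAST_AFFECTED:
        return "affected"
    if stage:
        # beta/rc builds fall outside the advisory's stated range,
        # so they are not assumed to carry the fix.
        return "review"
    return "fixed"


def audit(inventory):
    """Map each status to the sorted hostnames currently in that state."""
    report = {"affected": [], "fixed": [], "review": []}
    for host, version in inventory.items():
        report[classify(version)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = {
    "edge-01": "6.48.3 (stable)",
    "edge-02": "6.48.4 (stable)",
    "branch-07": "6.47.10 (long-term)",
    "lab-01": "7.1rc4",
    "core-01": "",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status:8} {', '.join(hosts) or '-'}")
```

Devices reported as `review` have a version the page's range does not cover (pre-release builds) or no readable version at all, and should be checked by hand rather than counted as patched.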

Reservation: 08/13/2020

Disclosure: 07/15/2021

Moderation: accepted

CPE: ready

EPSS: 0.02007

KEV: no

Activities: very low

Sources
