CVE-2020-20225
First published: Wed Jul 07 2021(Updated: )
Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| MikroTik RouterOS | <6.47 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-20225?
CVE-2020-20225 is a vulnerability in Mikrotik RouterOs before version 6.47 that allows an authenticated remote attacker to cause a denial of service (DoS) by exploiting an assertion failure in the /nova/bin/user process.
How does CVE-2020-20225 affect Mikrotik RouterOs?
CVE-2020-20225 affects Mikrotik RouterOs versions prior to 6.47 (stable tree).
What is the severity of CVE-2020-20225?
The severity of CVE-2020-20225 is rated as medium, with a severity value of 6.5.
How can an attacker exploit CVE-2020-20225?
An attacker can exploit CVE-2020-20225 by sending a crafted packet to the /nova/bin/user process.
Is there a fix available for CVE-2020-20225?
Yes, updating Mikrotik RouterOs to version 6.47 or newer will fix the CVE-2020-20225 vulnerability.
- collector/nvd-index
- vendor/mikrotik
- canonical/mikrotik routeros