ID

VAR-202004-1843


CVE

CVE-2020-5721


TITLE

MikroTik WinBox Vulnerability regarding inadequate protection of credentials in

Trust: 0.8

sources: JVNDB: JVNDB-2020-004802

DESCRIPTION

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default, Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router. MikroTik WinBox contains an inadequate protection of credentials vulnerability. Information may be obtained. MikroTik WinBox could allow a local malicious user to obtain sensitive information, caused by the storage of user credentials in plain text in the settings.cfg.viw configuration file.

Trust: 1.71

sources: NVD: CVE-2020-5721 // JVNDB: JVNDB-2020-004802 // VULMON: CVE-2020-5721

AFFECTED PRODUCTS

vendor: mikrotik, model: winbox, scope: lte, version: 3.22

Trust: 1.0

vendor: mikrotik, model: winbox, scope: eq, version: 3.22

Trust: 0.8

sources: JVNDB: JVNDB-2020-004802 // NVD: CVE-2020-5721

CVSS

SEVERITY

nvd@nist.gov: CVE-2020-5721
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-004802
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202004-1149
value: MEDIUM

Trust: 0.6

VULMON: CVE-2020-5721
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2020-5721
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2020-004802
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CVSSV3

nvd@nist.gov: CVE-2020-5721
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-004802
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULMON: CVE-2020-5721 // JVNDB: JVNDB-2020-004802 // CNNVD: CNNVD-202004-1149 // NVD: CVE-2020-5721

PROBLEMTYPE DATA

problemtype: CWE-522

Trust: 1.8

problemtype: CWE-260

Trust: 1.0

sources: JVNDB: JVNDB-2020-004802 // NVD: CVE-2020-5721

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202004-1149

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202004-1149

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-004802

PATCH

title: Top Page, url: https://mikrotik.com/

Trust: 0.8

sources: JVNDB: JVNDB-2020-004802

EXTERNAL IDS

db: TENABLE, id: TRA-2020-23

Trust: 2.5

db: NVD, id: CVE-2020-5721

Trust: 2.5

db: JVNDB, id: JVNDB-2020-004802

Trust: 0.8

db: CNNVD, id: CNNVD-202004-1149

Trust: 0.6

db: VULMON, id: CVE-2020-5721

Trust: 0.1

sources: VULMON: CVE-2020-5721 // JVNDB: JVNDB-2020-004802 // CNNVD: CNNVD-202004-1149 // NVD: CVE-2020-5721

REFERENCES

url: https://www.tenable.com/security/research/tra-2020-23

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2020-5721

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-5721

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/522.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/180007

Trust: 0.1

sources: VULMON: CVE-2020-5721 // JVNDB: JVNDB-2020-004802 // CNNVD: CNNVD-202004-1149 // NVD: CVE-2020-5721

SOURCES

db: VULMON, id: CVE-2020-5721
db: JVNDB, id: JVNDB-2020-004802
db: CNNVD, id: CNNVD-202004-1149
db: NVD, id: CVE-2020-5721

LAST UPDATE DATE

2024-11-23T23:01:24.026000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2020-5721, date: 2020-04-28T00:00:00
db: JVNDB, id: JVNDB-2020-004802, date: 2020-05-28T00:00:00
db: CNNVD, id: CNNVD-202004-1149, date: 2020-04-29T00:00:00
db: NVD, id: CVE-2020-5721, date: 2024-11-21T05:34:28.990

SOURCES RELEASE DATE

db: VULMON, id: CVE-2020-5721, date: 2020-04-15T00:00:00
db: JVNDB, id: JVNDB-2020-004802, date: 2020-05-28T00:00:00
db: CNNVD, id: CNNVD-202004-1149, date: 2020-04-15T00:00:00
db: NVD, id: CVE-2020-5721, date: 2020-04-15T21:15:36.607