CVE-2020-5721 - Vulnerability Details - OpenCVE

Description

MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.

Published: 2020-04-15

Score: 5.5 Medium

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

MikroTik WinBox

affected

Version	Status	Constraints
`3.22 and below`	affected	—

Configuration 1 [-]

cpe:2.3:o:mikrotik:winbox:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2020-26880	MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00101.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://www.tenable.com/security/research/tra-2020-23

History

No history.

Subscriptions

Mikrotik Winbox

MITRE

Status: PUBLISHED

Assigner: tenable

Published: 2020-04-15T20:50:45.000Z

Updated: 2024-08-04T08:39:25.683Z

Reserved: 2020-01-06T00:00:00.000Z

Link: CVE-2020-5721

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-04-15T21:15:36.607

Modified: 2024-11-21T05:34:28.990

Link: CVE-2020-5721

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"containers": {"cna": {"affected": [{"product": "MikroTik WinBox", "vendor": "n/a", "versions": [{"status": "affected", "version": "3.22 and below"}]}], "descriptions": [{"lang": "en", "value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-260", "description": "CWE-260", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-04-15T20:50:45.000Z", "orgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "shortName": "tenable"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.tenable.com/security/research/tra-2020-23"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnreport@tenable.com", "ID": "CVE-2020-5721", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "MikroTik WinBox", "version": {"version_data": [{"version_value": "3.22 and below"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-260"}]}]}, "references": {"reference_data": [{"name": "https://www.tenable.com/security/research/tra-2020-23", "refsource": "MISC", "url": "https://www.tenable.com/security/research/tra-2020-23"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:39:25.683Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.tenable.com/security/research/tra-2020-23"}]}]}, "cveMetadata": {"assignerOrgId": "5ac1ecc2-367a-4d16-a0b2-35d495ddd0be", "assignerShortName": "tenable", "cveId": "CVE-2020-5721", "datePublished": "2020-04-15T20:50:45.000Z", "dateReserved": "2020-01-06T00:00:00.000Z", "dateUpdated": "2024-08-04T08:39:25.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:mikrotik:winbox:*:*:*:*:*:*:*:*", "matchCriteriaId": "91019170-B8B8-4975-AAB4-AB69278BC874", "versionEndIncluding": "3.22", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "MikroTik WinBox 3.22 and below stores the user's cleartext password in the settings.cfg.viw configuration file when the Keep Password field is set and no Master Password is set. Keep Password is set by default and, by default Master Password is not set. An attacker with access to the configuration file can extract a username and password to gain access to the router."}, {"lang": "es", "value": "MikroTik WinBox versiones 3.22 y por debajo, almacenan la contrase\u00f1a de texto sin cifrar del usuario en el archivo de configuraci\u00f3n settings.cfg.viw cuando se establece el campo Keep Password y Master Password no se establece. Keep Password se establece por defecto y, Master Password por defecto no se establece. Un atacante con acceso al archivo de configuraci\u00f3n puede extraer un nombre de usuario y contrase\u00f1a para conseguir acceso al router."}], "id": "CVE-2020-5721", "lastModified": "2024-11-21T05:34:28.990", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-15T21:15:36.607", "references": [{"source": "vulnreport@tenable.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-23"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.tenable.com/security/research/tra-2020-23"}], "sourceIdentifier": "vulnreport@tenable.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-260"}], "source": "vulnreport@tenable.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-522"}], "source": "nvd@nist.gov", "type": "Primary"}]}