Heap-based Buffer Overflow in MikroTik RouterOS SCEP Server

Heap-based Buffer Overflow in MikroTik RouterOS SCEP Server

CVE-2021-41987 · HIGH Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.

Learn more about our Cis Benchmark Audit For Server Software.