Vulnerability Details CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.546
EPSS Ranking 97.9%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References