Description
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must know the scep_server_name value. This affects RouterOS 6.46.8, 6.47.9, and 6.47.10.
References
- Release Notes (Vendor Advisory)
- Exploit (Third Party Advisory)
- Release Notes (Vendor Advisory)
- Exploit (Third Party Advisory)
Vulnerable configurations
Configuration 1
One of:
cpe:2.3:o:mikrotik:routeros:6.46.8:*:*:*:*:*:*:*
cpe:2.3:o:mikrotik:routeros:6.47.9:*:*:*:*:*:*:*
cpe:2.3:o:mikrotik:routeros:6.47.10:*:*:*:*:*:*:*
EPSS: 0.49622 (percentile: 98%), Medium
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-787
Related vulnerabilities
CVSS3: 8.1
Source: github
Published almost 4 years ago
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10.
EPSS: 0.49622 (percentile: 98%), Medium
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-787