← Back

CVE-2021-28180

nvd nist
Published: Apr 6, 2021Modified: Nov 21, 2024

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 / Impact: 3.6
Source: NVD

Description

The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Affected (3)

Asus
3 products
Z10pr D16 Firmware
Asmb8 Ikvm Firmware
Z10pe D16 Ws Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Z10pr D16 Firmware
Version 1.14.51
Running on/withPlatform Versions
Asus
Z10pr D16
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Asmb8 Ikvm Firmware
Version 1.14.51
Running on/withPlatform Versions
Asus
Asmb8 Ikvm
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Z10pe D16 Ws Firmware
Version 1.14.2
Running on/withPlatform Versions
Asus
Z10pe D16 Ws
All versions

Related CWEs

CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (6)

Source: twcert@cert.org.tw
Vendor Advisory
Source: twcert@cert.org.tw
Vendor Advisory
Source: twcert@cert.org.tw
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.