go to Content

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center



ASUS BMC's firmware: buffer overflow - LDAP configuration function

TVN ID TVN-202103004
CVE ID CVE-2021-28177
CVSS 4.9 (Medium)
Affected Products BMC's firmwares:
Z10PR-D16 1.14.51
ASMB8-iKVM 1.14.51
Z10PE-D16 WS 1.14.2
Description The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Solution update BMC's firmwares to the following versions:
Z10PR-D16 1.16.1
ASMB8-iKVM 1.16.1
Z10PE-D16 WS 1.16.1
Credit ASUS
Public Date 2021-04-06