go to Content
:::

TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

:::
Date:
Font-stze:

ASUS BMC's firmware: buffer overflow - UEFI configuration function

TVN ID TVN-202103005
CVE ID CVE-2021-28178
CVSS 4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products BMC's firmwares:
Z10PR-D16 1.14.51
ASMB8-iKVM 1.14.51
Z10PE-D16 WS 1.14.2
Description The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Solution update BMC's firmwares to the following versions:
Z10PR-D16 1.16.1
ASMB8-iKVM 1.16.1
Z10PE-D16 WS 1.16.1
Credit ASUS
Public Date 2021-04-06
Top