| TVN ID | TVN-202103008 |
|---|---|
| CVE ID | CVE-2021-28181 |
| CVSS | 4.9 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| Affected Products | BMC's firmwares: Z10PR-D16 1.14.51 ASMB8-iKVM 1.14.51 Z10PE-D16 WS 1.14.2 |
| Description | The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. |
| Solution | update BMC's firmwares to the following versions: Z10PR-D16 1.16.1 ASMB8-iKVM 1.16.1 Z10PE-D16 WS 1.16.1 |
| Credit | ASUS |
| Public Date | 2021-04-06 |
:::