TVN ID | TVN-202103010 |
---|---|
CVE ID | CVE-2021-28183 |
CVSS | 4.9 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
Affected Products | BMC's firmwares: Z10PR-D16 1.14.51 ASMB8-iKVM 1.14.51 Z10PE-D16 WS 1.14.2 |
Description | The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. |
Solution | update BMC's firmwares to the following versions: Z10PR-D16 1.16.1 ASMB8-iKVM 1.16.1 Z10PE-D16 WS 1.16.1 |
Credit | ASUS |
Public Date | 2021-04-06 |