CVE-2021-28176 MEDIUM

CVE-2021-28176: ASUS BMC's firmware: buffer overflow - DNS configuration function

Vendor: Asus
Product: BMC firmware for Z10PR-D16
Weakness: CWE-120
Published: April 6, 2021
Last update: September 17, 2024

CVSS base score

4.9/10
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The DNS configuration function in the Web management page of ASUS BMC's firmware does not verify the length of the string entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.

Key dates

02 Disclosure timeline

April 6, 2021: CVE published
September 17, 2024: Record updated