CVE-2021-28191 MEDIUM

CVE-2021-28191: ASUS BMC's firmware: buffer overflow - Firmware update function

Vendor Asus
Product BMC firmware for ASMB9-iKVM
Weakness CWE-120
Published April 6, 2021
Last update September 16, 2024

CVSS base score

4.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

The Firmware update function in the Web management page of ASUS BMC's firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use this flaw to abnormally terminate the Web service.

Key dates

02 Disclosure timeline

April 6, 2021 CVE published
September 16, 2024 Record updated