The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CPE | Name | Operator | Version |
---|---|---|---|
asmb8-ikvm_firmware | eq | 1.14.51 | |
z10pe-d16_ws_firmware | eq | 1.14.2 | |
z10pr-d16_firmware | eq | 1.14.51 |