Buffer overflow

2021-04-0605:15:00

PRIOn knowledge base

www.prio-n.com

5.3 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.9%

JSON

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CPENameOperatorVersion
asmb8-ikvm_firmwareeq1.14.51
z10pe-d16_ws_firmwareeq1.14.2
z10pr-d16_firmwareeq1.14.51

Name	Operator	Version
asmb8-ikvm_firmware	eq	1.14.51
z10pe-d16_ws_firmware	eq	1.14.2
z10pr-d16_firmware	eq	1.14.51

References

www.asus.com/content/ASUS-Product-Security-Advisory/

www.asus.com/tw/support/callus/

www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html