CVE-2021-28184

Summary

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Affected Software

VendorProductVersion RangeStatus
ASUSBMC firmware for Z10PR-D161.14.51affected
ASUSBMC firmware for ASMB8-iKVM1.14.51affected
ASUSBMC firmware for Z10PE-D16 WS1.14.2affected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References