
CVE-2021-28175 : What You Need to Know

Learn about CVE-2021-28175, a buffer overflow vulnerability in ASUS BMC's firmware Web management page. Find out the impact, affected systems, exploitation method, and mitigation steps.

The Radius configuration function in ASUS BMC's firmware Web management page has a Buffer overflow vulnerability due to the lack of string length verification. This could allow remote attackers to exploit the vulnerability and terminate the Web service.

Understanding CVE-2021-28175

This CVE is a buffer overflow in the web management interface of ASUS BMC firmware. It was reported for the BMC firmware of three ASUS server boards, listed under Affected Systems and Versions below.

What is CVE-2021-28175?

The RADIUS configuration function in the BMC's web management page does not check the length of a submitted string before copying it into a fixed-size buffer. A remote attacker who can reach that function can submit an over-long value, overrun the buffer, and cause the web service to terminate abnormally.

The Impact of CVE-2021-28175

The CVSS base score is 4.9 (Medium). The metrics behind that number matter more than the number itself: the attack is network-reachable and needs no user interaction, but it requires high privileges, that is, an account already authorised to edit the BMC's RADIUS settings, and its recorded impact is on availability only (the web service terminates; no confidentiality or integrity loss is reported). In practice the exposure is a privileged user, or an attacker who has obtained such credentials, knocking the BMC's web interface offline and with it out-of-band management through that interface while the service is down. The larger risk is a BMC web interface reachable from networks where it should not be reachable at all.

Technical Details of CVE-2021-28175

The following technical details shed light on the CVE's specifics.

Vulnerability Description

The flaw is a CWE-120 style unchecked copy: the handler for the RADIUS configuration form accepts a string from the request and writes it into a fixed-size buffer without first verifying that it fits. An input longer than the buffer corrupts adjacent memory, and the web service terminates abnormally.

Affected Systems and Versions

        BMC firmware for Z10PR-D16 version 1.14.51
        BMC firmware for ASMB8-iKVM version 1.14.51
        BMC firmware for Z10PE-D16 WS version 1.14.2

Exploitation Mechanism

An attacker who can submit the RADIUS configuration form (per the CVSS metrics, an account with high privileges on the BMC web interface) supplies a string value longer than the buffer that receives it. The unbounded copy overruns the buffer and the web service process terminates abnormally. The published impact is limited to this denial of service of the web service.
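The pattern described above, as an added illustration in C that is not ASUS's firmware code and not taken from any advisory: a RADIUS-settings handler that copies a form value into a fixed-size buffer with no length check, beside a bounded version that measures the input, rejects anything that does not fit, and leaves the previous setting intact on rejection. The structure, the 64-byte limit, the field name and the function names are assumptions made for this example; the real field and buffer size in the ASUS firmware are not published.

```c
/* Added illustration, not ASUS's firmware code.  The struct, the 64-byte
 * limit and the function names are assumptions made for this example. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_HOST_MAX 64   /* assumed size of the fixed-size config buffer */

struct radius_cfg {
    char server[RADIUS_HOST_MAX];   /* RADIUS server name/address from the web form */
    unsigned short port;
};

/* Vulnerable pattern: the handler trusts whatever length the HTTP form
 * carried.  A value of RADIUS_HOST_MAX bytes or more overruns cfg->server;
 * on a BMC that typically crashes the web server process, which is the
 * "terminate the Web service" outcome the advisory describes. */
void radius_set_server_unchecked(struct radius_cfg *cfg, const char *form_value)
{
    strcpy(cfg->server, form_value);   /* no bound on the copy (CWE-120 style) */
}

/* Bounded length scan: never reads past `max` bytes, so an unterminated
 * value cannot be walked off the end either. */
static size_t bounded_len(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* Hardened version: measure first, reject anything that does not fit
 * (leaving the previous value intact), then copy with an explicit bound.
 * Returns 0 on success, -1 with errno = EINVAL on rejection. */
int radius_set_server(struct radius_cfg *cfg, const char *form_value)
{
    size_t n = bounded_len(form_value, RADIUS_HOST_MAX);
    if (n == 0 || n >= RADIUS_HOST_MAX) {   /* empty, or no room for the NUL */
        errno = EINVAL;
        return -1;
    }
    memcpy(cfg->server, form_value, n);
    cfg->server[n] = '\0';
    return 0;
}

/* Drives the hardened setter with a constructed value of `len` 'A' bytes
 * against a config that already holds a valid server name.  Returns the
 * setter's result, or -2 if a rejected update clobbered the old value. */
int radius_reject_demo(size_t len)
{
    char value[512];
    struct radius_cfg cfg = { "radius.example", 1812 };

    if (len >= sizeof value)
        len = sizeof value - 1;
    memset(value, 'A', len);
    value[len] = '\0';

    int rc = radius_set_server(&cfg, value);
    if (rc != 0 && strcmp(cfg.server, "radius.example") != 0)
        return -2;
    return rc;
}

int main(void)
{
    struct radius_cfg cfg = { "", 1812 };

    /* well-formed input is accepted by both versions */
    radius_set_server_unchecked(&cfg, "radius.corp.example");
    printf("unchecked, short value: %s\n", cfg.server);
    printf("checked, short value: rc=%d server=%s\n",
           radius_set_server(&cfg, "radius2.corp.example"), cfg.server);

    /* an over-long value is rejected instead of overrunning the buffer */
    printf("checked, 63-byte value: rc=%d\n", radius_reject_demo(63));
    printf("checked, 200-byte value: rc=%d\n", radius_reject_demo(200));
    return 0;
}
```

Only the bounded setter is ever fed an over-long value here; the unchecked one is present to show the missing step, and calling it with a long string is the crash. The length check comes before the copy and the old value is kept on rejection, so a malformed request cannot leave the configuration half-written.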

Mitigation and Prevention

To address CVE-2021-28175, it is crucial to take immediate steps and adopt long-term security practices to secure the affected systems.

Immediate Steps to Take

Update ASUS BMC's firmware to the following versions:

        Z10PR-D16: 1.16.1
        ASMB8-iKVM: 1.16.1
        Z10PE-D16 WS: 1.16.1

Long-Term Security Practices

Regularly check ASUS's support site and security advisories for BMC firmware updates. Independently of patch status, keep BMC network ports on a dedicated, access-controlled management network and never expose them to the internet, and limit who holds administrative BMC accounts: this vulnerability, like many BMC issues, requires such an account to trigger.

Patching and Updates

Apply BMC firmware updates promptly and verify the installed version afterwards from the BMC web interface or the vendor's update tool. BMC firmware sits outside the operating system's patch cycle and is easy to leave behind, so include it in regular patch inventory.
