Cloud Defense Logo

Products

Solutions

Company

CVE-2021-28188 : Security Advisory and Response

Learn about CVE-2021-28188, a medium-severity buffer overflow vulnerability in ASUS BMC firmware, impacting Web services. Find mitigation steps and firmware update details.

This article provides details about the CVE-2021-28188 vulnerability in ASUS BMC firmware, including its impact, technical details, mitigation steps, and more.

Understanding CVE-2021-28188

This CVE involves a buffer overflow vulnerability in the Modify user's information function of ASUS BMC firmware, leading to remote attackers gaining privileged permissions.

What is CVE-2021-28188?

The specific function in ASUS BMC's firmware Web management page does not verify user-entered string length, allowing remote attackers to execute a buffer overflow attack and disrupt the Web service.

The Impact of CVE-2021-28188

With a CVSS base score of 4.9, this medium-severity vulnerability can cause high availability impact for affected systems, allowing attackers to terminate Web services abnormally.

Technical Details of CVE-2021-28188

This section covers the vulnerability description, affected systems, versions, and exploitation mechanism.

Vulnerability Description

The buffer overflow vulnerability in ASUS BMC firmware enables remote attackers to obtain privileged permissions and disrupt Web services.

Affected Systems and Versions

        BMC firmware for Z10PR-D16 (ASUS) version 1.14.51
        BMC firmware for ASMB8-iKVM (ASUS) version 1.14.51
        BMC firmware for Z10PE-D16 WS (ASUS) version 1.14.2

Exploitation Mechanism

Remote attackers can exploit this vulnerability by manipulating string length inputs in the Modify user's information function, causing buffer overflow.

Mitigation and Prevention

Learn about the immediate steps, long-term security measures, and patching procedures to safeguard your systems.

Immediate Steps to Take

Update ASUS BMC firmware to the following versions:

        Z10PR-D16: 1.16.1
        ASMB8-iKVM: 1.16.1
        Z10PE-D16 WS: 1.16.1

Long-Term Security Practices

Implement strict input validation, regular security assessments, and network segmentation to prevent buffer overflow attacks.

Patching and Updates

Regularly check for firmware updates, security advisories, and patches from ASUS to address vulnerabilities and enhance system security.

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now