CVE-2021-28177 - OpenCVE

The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Asus	Asmb8-ikvm Asmb8-ikvm Firmware Z10pe-d16 Ws Z10pe-d16 Ws Firmware Z10pr-d16 Z10pr-d16 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*

cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*

cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.asus.com/content/ASUS-Product-Security-Advisory/
https://www.asus.com/tw/support/callus/
https://www.twcert.org.tw/tw/cp-132-4547-88e43-1.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: twcert

Published: 2021-04-06T05:02:00.622742Z

Updated: 2024-09-16T19:10:49.934Z

Reserved: 2021-03-12T00:00:00

Link: CVE-2021-28177

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-04-06T05:15:14.753

Modified: 2021-04-12T15:43:58.130

Link: CVE-2021-28177

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "BMC firmware for Z10PR-D16", "vendor": "ASUS", "versions": [{"status": "affected", "version": "1.14.51"}]}, {"product": "BMC firmware for ASMB8-iKVM", "vendor": "ASUS", "versions": [{"status": "affected", "version": "1.14.51"}]}, {"product": "BMC firmware for Z10PE-D16 WS", "vendor": "ASUS", "versions": [{"status": "affected", "version": "1.14.2"}]}], "datePublic": "2021-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "The LDAP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-06T05:02:00", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.asus.com/tw/support/callus/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-4547-88e43-1.html"}], "solutions": [{"lang": "en", "value": "update BMC's firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"}], "source": {"advisory": "TVN-202103004", "discovery": "EXTERNAL"}, "title": "ASUS BMC's firmware: buffer overflow - LDAP configuration function", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-04-06T02:48:00.000Z", "ID": "CVE-2021-28177", "STATE": "PUBLIC", "TITLE": "ASUS BMC's firmware: buffer overflow - LDAP configuration function"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BMC firmware for Z10PR-D16", "version": {"version_data": [{"version_affected": "=", "version_value": "1.14.51"}]}}, {"product_name": "BMC firmware for ASMB8-iKVM", "version": {"version_data": [{"version_affected": "=", "version_value": "1.14.51"}]}}, {"product_name": "BMC firmware for Z10PE-D16 WS", "version": {"version_data": [{"version_affected": "=", "version_value": "1.14.2"}]}}]}, "vendor_name": "ASUS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The LDAP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-120 Buffer Overflow"}]}]}, "references": {"reference_data": [{"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/", "refsource": "MISC", "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"name": "https://www.asus.com/tw/support/callus/", "refsource": "MISC", "url": "https://www.asus.com/tw/support/callus/"}, {"name": "https://www.twcert.org.tw/tw/cp-132-4547-88e43-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-4547-88e43-1.html"}]}, "solution": [{"lang": "en", "value": "update BMC's firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"}], "source": {"advisory": "TVN-202103004", "discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:40:12.192Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.asus.com/tw/support/callus/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.twcert.org.tw/tw/cp-132-4547-88e43-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-28177", "datePublished": "2021-04-06T05:02:00.622742Z", "dateReserved": "2021-03-12T00:00:00", "dateUpdated": "2024-09-16T19:10:49.934Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*", "matchCriteriaId": "F38D0E80-BD62-46A7-B1CD-6C7045FF7F79", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*", "matchCriteriaId": "A340A0CE-8BD2-420A-814B-5585C08A4CCB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*", "matchCriteriaId": "4D98B9CE-6675-48A4-98A3-6E5DA19A2480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A2F069D-18EE-49A3-A8EB-3C745425BFFE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B5DB0A7-B863-4AFF-BEB6-6958F921C016", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*", "matchCriteriaId": "51F61A82-6BBE-4758-9789-7CE6FCB9E20D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The LDAP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."}, {"lang": "es", "value": "La funci\u00f3n de configuration de LDAP en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer. Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"}], "id": "CVE-2021-28177", "lastModified": "2021-04-12T15:43:58.130", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2021-04-06T05:15:14.753", "references": [{"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://www.asus.com/tw/support/callus/"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-4547-88e43-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-120"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-120"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}