Description
A specific function in the Web management page of ASUS BMC firmware (Web License configuration setting) does not verify the length of user-supplied strings, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use this flaw to abnormally terminate the Web service.
References
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
- Vendor Advisory
- Vendor Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
All of the following
cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*
cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*
Configuration 2
All of the following
cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*
cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*
Configuration 3
All of the following
cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*
cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*
EPSS: 0.00895 (Low), percentile: 75%
CVSS3: 4.9 Medium
CVSS2: 4 Medium
Weaknesses
CWE-120
Related vulnerabilities
GitHub
more than 3 years ago
A specific function in the Web management page of ASUS BMC firmware (Web License configuration setting) does not verify the length of user-supplied strings, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use this flaw to abnormally terminate the Web service.