TR-21-0295 (ASUS Cihazlarda Güvenlik Zafiyeti)

Genel Bilgi

ASUS BMC firmware Web yönetim ara yüzünde Buffer Overflow başta olmak üzere bazı zafiyetler tespit edilmiştir.

Etki

Mevcut açıklığı kullanan saldırganların web servisini sonlandırmaları ihtimal dahilindedir. Bahsi geçen zafiyetlerin CVE kodları şu şekildedir:

CVE-2021-28179, CVE-2021-28180, CVE-2021-28181, CVE-2021-28182, CVE-2021-28183, CVE-2021-28184, CVE-2021-28185, CVE-2021-28186, CVE-2021-28187, CVE-2021-28188, CVE-2021-28189, CVE-2021-28190, CVE-2021-28191, CVE-2021-28192, CVE-2021-28193, CVE-2021-28194, CVE-2021-28195, CVE-2021-28196, CVE-2021-28197, CVE-2021-28198, CVE-2021-28199, CVE-2021-28200, CVE-2021-28201, CVE-2021-28202, CVE-2021-28203, CVE-2021-28204, CVE-2021-28205, CVE-2021-28206, CVE-2021-28207, CVE-2021-28208 ve CVE-2021-28209

Çözüm

Ulusal Siber Olaylara Müdahale Merkezi (USOM), kullanıcı ve sistem yöneticilerine yüksek önem derecesindeki zafiyetler için ASUS tarafından yayınlanan güvenlik önerilerini incelemelerini tavsiye etmektedir.

Kaynaklar

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28179

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28180

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28181

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28182

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28183

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28184

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28185

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28186

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28187

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28188

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28179

2021-04-07