Lucene search

TwcertCVELIST:CVE-2021-41289

HistoryNov 15, 2021 - 9:30 a.m.

CVE-2021-41289 ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer

2021-11-1509:30:17

CWE-119

twcert

www.cve.org

asus p453uj

bios

memory buffer

vulnerability

integrity verification

boot failure

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

5.1%

JSON

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.

CNA Affected

[
  {
    "product": "P453UJ BIOS",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "311"
      }
    ]
  }
]

References

www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/

www.twcert.org.tw/tw/cp-132-5284-35790-1.html

CVSS3

6.3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-41289