Rewterz Threat Advisory – Critical SAP Applications Under Active Attack
April 7, 2021Rewterz Threat Alert – LokiBot Malware – Active IOCs
April 7, 2021Rewterz Threat Advisory – Critical SAP Applications Under Active Attack
April 7, 2021Rewterz Threat Alert – LokiBot Malware – Active IOCs
April 7, 2021Severity
Medium
Analysis Summary
ASUS BMC firmware is vulnerable to a denial of service, caused by a buffer overflow in the SMTP configuration function in the Web management page. By sending a specially-crafted input, a remote authenticated attacker could exploit this vulnerability to terminate the Web service, and results in a denial of service condition.
Impact
Denial of service
Affected Vendors
ASUS
Affected Products
- ASUS Z10PR-D16 1.14.51
- ASUS ASMB8-iKVM 1.14.51
- ASUS Z10PE-D16 WS 1.14.2
Remediation
Upgrade to the latest version of Z10PR-D16, ASMB8-iKVM, Z10PE-D16 WS (1.16.1 or later).