CVE-2021-41289 - OpenCVE

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:N/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Asus	P453uj Bios P453uj

Configuration 1 [-]

AND

cpe:2.3:o:asus:p453uj_bios:311:*:*:*:*:*:*:*

cpe:2.3:h:asus:p453uj:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/	Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2021-11-15T00:00:00

Updated: 2021-11-17T11:17:35

Reserved: 2021-09-15T00:00:00

Link: CVE-2021-41289

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-11-15T10:15:07.697

Modified: 2021-12-13T18:06:32.787

Link: CVE-2021-41289

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "P453UJ BIOS", "vendor": "ASUS", "versions": [{"status": "affected", "version": "311"}]}], "datePublic": "2021-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user\u2019s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-119", "description": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-17T11:17:35", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/"}], "solutions": [{"lang": "en", "value": "ASUS P453UJ BIOS 313"}], "source": {"advisory": "TVN-202109005", "discovery": "EXTERNAL"}, "title": "ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-11-15T09:11:00.000Z", "ID": "CVE-2021-41289", "STATE": "PUBLIC", "TITLE": "ASUS P453UJ - Improper Restriction of Operations within the Bounds of a Memory Buffer"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "P453UJ BIOS", "version": {"version_data": [{"version_affected": "=", "version_value": "311"}]}}]}, "vendor_name": "ASUS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user\u2019s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer"}]}]}, "references": {"reference_data": [{"name": "https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html"}, {"name": "https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/", "refsource": "MISC", "url": "https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/"}]}, "solution": [{"lang": "en", "value": "ASUS P453UJ BIOS 313"}], "source": {"advisory": "TVN-202109005", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-41289", "datePublished": "2021-11-15T00:00:00", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2021-11-17T11:17:35", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:p453uj_bios:311:*:*:*:*:*:*:*", "matchCriteriaId": "CECD9807-20DD-4BDD-8C03-8474B1B76F83", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:p453uj:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B011150-81F5-466C-8BBC-E3037529F59E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user\u2019s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot."}, {"lang": "es", "value": "ASUS P453UJ contiene una vulnerabilidad de restricci\u00f3n inapropiada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria. Con el permiso de un usuario general, atacantes locales pueden modificar la BIOS sustituyendo o rellenando el contenido del Memory DataBuffer designado, lo que causa un fallo en la verificaci\u00f3n de la integridad y, adem\u00e1s, resulta en un fallo en el arranque"}], "id": "CVE-2021-41289", "lastModified": "2021-12-13T18:06:32.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.2, "source": "twcert@cert.org.tw", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-11-15T10:15:07.697", "references": [{"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-119"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}