CVE-2021-41289 — MEDIUM (6.3)

Vulnerability Description

ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot.

CVSS Score

6.3

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Asus	P453Uj Bios	311
Asus	P453Uj	-

Related Weaknesses (CWE)

CWE-119

References

https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-5284-35790-1.htmlThird Party Advisory
https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-5284-35790-1.htmlThird Party Advisory

FAQ

What is CVE-2021-41289?

CVE-2021-41289 is a vulnerability with a CVSS score of 6.3 (MEDIUM). ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user’s permission, local attackers can modify the BIOS by replacing or fi...

How severe is CVE-2021-41289?

CVE-2021-41289 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-41289?

Check the references section above for vendor advisories and patch information. Affected products include: Asus P453Uj Bios, Asus P453Uj.