CVE-2021-41289

{"id": "CVE-2021-41289", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 1.8}]}, "published": "2021-11-15T10:15:07.697", "references": [{"url": "https://www.asus.com/tw/supportonly/P453UJ/HelpDesk_BIOS/", "tags": ["Vendor Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-5284-35790-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "ASUS P453UJ contains the Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability. With a general user\u2019s permission, local attackers can modify the BIOS by replacing or filling in the content of the designated Memory DataBuffer, which causing a failure of integrity verification and further resulting in a failure to boot."}, {"lang": "es", "value": "ASUS P453UJ contiene una vulnerabilidad de restricci\u00f3n inapropiada de operaciones dentro de los l\u00edmites de un b\u00fafer de memoria. Con el permiso de un usuario general, atacantes locales pueden modificar la BIOS sustituyendo o rellenando el contenido del Memory DataBuffer designado, lo que causa un fallo en la verificaci\u00f3n de la integridad y, adem\u00e1s, resulta en un fallo en el arranque"}], "lastModified": "2021-12-13T18:06:32.787", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:p453uj_bios:311:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CECD9807-20DD-4BDD-8C03-8474B1B76F83"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:p453uj:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1B011150-81F5-466C-8BBC-E3037529F59E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "twcert@cert.org.tw"}