Broadcom Information for VU#512705

Broadcom NetXtreme management firmware ASF buffer overflow

Status

Affected

Vendor Statement

Affected devices are only vulnerable when Secure ASF (RMCP/RSP) manageability
is enabled on the platform, which may not be the typical default system
configuration.

Affected devices and the latest vulnerable management firmware version are:

BCM5751, BCM5752, BCM5753, BCM5754, BCM5755, BCM5756, BCM5764, BCM5787: v8.04
BCM57760: v8.07
BCM5761: v1.24.0.9

[...]

Updated versions of management firmware for all affected devices are now
available to PC OEMs as part of the Broadcom NetXtreme 14.0 software release.

[...]

Available work-arounds include: disabling the management firmware and/or Secure
ASF (RSP) support and blocking UDP port 664 traffic from unauthorized sources
in enterprise firewalls.
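
The following is an added example, not part of the vendor statement and not Broadcom or CERT/CC code: a triage of NIC inventory records against the device and version list above, taking into account that a device is only exposed when Secure ASF is enabled. It assumes that firmware versions compare numerically component by component and that versions at or below the listed one are affected; the inventory rows and status labels are constructed for illustration.

```python
# Added example: triage an asset inventory against the vendor statement.
# Assumptions: versions compare numerically, component by component, and
# anything at or below the listed version is treated as affected.

# Latest vulnerable management firmware version per device (from the statement).
_FAMILY_804 = ("BCM5751", "BCM5752", "BCM5753", "BCM5754",
               "BCM5755", "BCM5756", "BCM5764", "BCM5787")
LATEST_VULNERABLE = {chip: "8.04" for chip in _FAMILY_804}
LATEST_VULNERABLE.update({"BCM57760": "8.07", "BCM5761": "1.24.0.9"})


def parse_version(text):
    """Turn 'v8.04' or '1.24.0.9' into a tuple of ints for comparison."""
    return tuple(int(part) for part in text.strip().lstrip("vV").split("."))


def _padded(a, b):
    """Right-pad the shorter tuple with zeros so 8.4 and 8.4.0 compare equal."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def triage(chip, firmware, secure_asf_enabled):
    """Classify one NIC record.

    Returns 'not-listed', 'updated', 'vulnerable-firmware-asf-off' or 'exposed'.
    """
    limit = LATEST_VULNERABLE.get(chip.strip().upper())
    if limit is None:
        return "not-listed"
    have, worst = _padded(parse_version(firmware), parse_version(limit))
    if have > worst:
        return "updated"
    # Vulnerable firmware is only reachable when Secure ASF is enabled.
    return "exposed" if secure_asf_enabled else "vulnerable-firmware-asf-off"


# Constructed inventory rows: (hostname, chip, firmware, Secure ASF enabled).
INVENTORY = [
    ("ws-001", "BCM5755", "v8.04", True),
    ("ws-002", "BCM5755", "v8.04", False),
    ("ws-003", "BCM57760", "v8.10", True),
    ("ws-004", "BCM5761", "v1.24.0.9", True),
    ("ws-005", "BCM5722", "v3.1", True),
]

if __name__ == "__main__":
    for host, chip, fw, asf in INVENTORY:
        print(f"{host}: {chip} {fw} -> {triage(chip, fw, asf)}")
```

Hosts reported as `exposed` are the ones to prioritise for the firmware update or for the UDP port 664 filtering work-around.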

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.