Broadcom Information for VU#512705

Broadcom NetXtreme management firmware ASF buffer overflow



Vendor Statement

Affected devices are only vulnerable when Secure ASF (RMCP/RSP) manageability
is enabled on the platform, which may not be the typical default system

Affected devices and the latest vulnerable management firmware version are:

BCM5751, BCM5752, BCM5753, BCM5754, BCM5755, BCM5756, BCM5764, BCM5787: v8.04
BCM57760: v8.07
BCM5761: v1.24.0.9


Updated versions of management firmware for all affected devices are now
available to PC OEMs as part of the Broadcom NetXtreme 14.0 software release.


Available work-arounds include: disabling the management firmware and/or Secure
ASF (RSP) support and blocking UDP port 664 traffic from unauthorized sources
in enterprise firewalls.
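
One way to verify the UDP port 664 work-around from flow or firewall logs, as an added example that is not part of the vendor statement or the original page. The log line format, the sample records and the authorized management network are constructed assumptions.

```python
import ipaddress

# Assumption: the only network allowed to send Secure ASF (RMCP/RSP) traffic.
AUTHORIZED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/28")]
SECURE_ASF_PORT = 664  # UDP port named in the vendor statement

# Constructed sample flow records, one per line: "src_ip dst_ip proto dst_port"
SAMPLE_FLOWS = """\
10.20.0.5 10.1.4.17 udp 664
192.0.2.44 10.1.4.17 udp 664
10.1.9.80 10.1.4.22 udp 664
10.1.9.80 10.1.4.22 tcp 664
10.20.0.5 10.1.4.22 udp 623
garbage line
"""

def parse_flow(line):
    """Return (src, dst, proto, dport), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]))
    except ValueError:
        return None

def unauthorized_asf_flows(text, allowed=AUTHORIZED_MGMT_NETS):
    """List (src, dst) pairs that reached UDP 664 from outside the allowed nets."""
    hits = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip lines that do not match the assumed format
        src, dst, proto, dport = flow
        if proto != "udp" or dport != SECURE_ASF_PORT:
            continue  # only Secure ASF traffic is in scope
        if not any(src in net for net in allowed):
            hits.append((str(src), str(dst)))
    return hits

if __name__ == "__main__":
    for src, dst in unauthorized_asf_flows(SAMPLE_FLOWS):
        print(f"UDP/664 from unauthorized source {src} to {dst}")
```

Any hit means the firewall rule is missing or too broad on the path to that destination.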

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References



There are no additional comments at this time.
