Executive Summary

Title Broadcom NetXtreme management firmware ASF buffer overflow
Name VU#512705 First vendor Publication 2010-03-25
Vendor VU-CERT Last vendor Modification 2010-06-21
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Vulnerability Note VU#512705

Broadcom NetXtreme management firmware ASF buffer overflow


A buffer overflow vulnerability exists in the Broadcom NetXtreme management firmware. This vulnerability may allow a remote attacker to execute arbitrary code on an affected device.

I. Description

The Alert Standard Format (ASF) Specification is a protocol developed by Distributed Management Task Force, Inc. (DMTF) that defines remote control and alerting interfaces for systems and devices when a host operating system is not present. The management firmware supplied with certain Broadcom NetXtreme network adapters supports ASF. A buffer overflow vulnerability exists in certain versions of this firmware when handling malformed ASF version 2.0 RAKP Message 1 packets. Devices with affected versions of the firmware would only be vulnerable if Remote Management and Control Protocol (RMCP) over the RMCP Security-Extensions Protocol (RSP) manageability is enabled. This functionality is typically disabled by default.

Broadcom identifies the affected devices and the latest vulnerable management firmware versions as

  • BCM5751, BCM5752, BCM5753, BCM5754, BCM5755, BCM5756, BCM5764, BCM5787: v8.04
  • BCM57760: v8.07
  • BCM5761: v1.24.0.9

Broadcom notes that reliable exploitation of this vulnerability is specific to the device type and firmware version in use on the target system.

II. Impact

A remote, unauthenticated attacker may be able to execute arbitrary or chosen code on the embedded management controller or cause the controller to halt operation, resulting in a denial of service.

III. Solution

Apply an update from the vendor

Broadcom has released updated versions of the management firmware for all affected devices to PC OEMs as part of the Broadcom NetXtreme 14.0 software release. Users should consult the Systems Affected section of this document for information about specific OEM vendors.

Disable ASF support

Administrators can disable the management firmware or Secure ASF (RSP) support in the network interface management software.

Block or restrict network access

Blocking access to the ports used by the affected component (623/udp and 664/udp) from outside your network perimeter can help limit your exposure to attacks. However, blocking at the network perimeter would still allow attackers within the perimeter of your network to exploit the vulnerability.

Systems Affected

VendorStatusDate NotifiedDate Updated
Dell Computer Corporation, Inc.Unknown2010-03-252010-03-25
Hewlett-Packard CompanyVulnerable2010-03-18




Thanks to Rob Swindell of Broadcom for reporting this vulnerability. Broadcom credits Loïc Duflot, Yves-Alexis Perez of the French Agence Nationale de la Sécurité des Systèmes d’Information (ANSSI) with reporting this issue.

This document was written by Chad R Dougherty.

Other Information

Date Public:2010-03-15
Date First Published:2010-03-25
Date Last Updated:2010-06-21
CERT Advisory: 
US-CERT Technical Alerts: 
Document Revision:30

Original Source

Url : http://www.kb.cert.org/vuls/id/512705

CPE : Common Platform Enumeration

Hardware 2

Open Source Vulnerability Database (OSVDB)

Id Description
63007 HP Broadcom Integrated NIC Management Firmware Unspecified Arbitrary Code Exe...

Alert History

If you want to see full details history, please login or register.
Date Informations
2013-05-11 00:57:09
  • Multiple Updates