CVE-2021-28192

Published: Apr 6, 2021

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

4.9

MEDIUM

Description

The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Vendor	Product	Versions
ASUS	BMC firmware for ASMB9-iKVM	affected `1.11.12`
ASUS	BMC firmware for RS720A-E9-RS24-E	affected `1.10.3`
ASUS	BMC firmware for RS700A-E9-RS4	affected `1.10.0`
ASUS	BMC firmware for RS700-E9-RS4	affected `1.09`
ASUS	BMC firmware for ESC4000 G4X	affected `1.11.6`
ASUS	BMC firmware for RS700-E9-RS12	affected `1.11.5`
ASUS	BMC firmware for RS100-E10-PI2	affected `1.13.6`
ASUS	BMC firmware for RS300-E10-PS4	affected `1.13.6`
ASUS	BMC firmware for RS300-E10-RS4	affected `1.13.6`
ASUS	BMC firmware for RS500A-E9-PS4	affected `1.14.1`
ASUS	BMC firmware for RS500A-E9-RS4	affected `1.14.1`
ASUS	BMC firmware for RS500A-E9 RS4	affected `1.14.1`
ASUS	BMC firmware for E700 G4	affected `1.14.1`
ASUS	BMC firmware for WS C422 PRO/SE	affected `1.14.1`
ASUS	BMC firmware for WS X299 PRO/SE	affected `1.14.1`
ASUS	BMC firmware for Z11PA-U12	affected `1.15.1`
ASUS	BMC firmware for Z11PA-U12/10G-2S	affected `1.15.1`
ASUS	BMC firmware for KNPA-U16	affected `1.13.4`
ASUS	BMC firmware for ESC4000 DHD G4	affected `1.13.7`
ASUS	BMC firmware for ESC4000 G4	affected `1.15.2`
ASUS	BMC firmware for RS720Q-E9-RS24-S	affected `1.15.0`
ASUS	BMC firmware for RS720Q-E9-RS8	affected `1.15.0`
ASUS	BMC firmware for RS720Q-E9-RS8-S	affected `1.15.0`
ASUS	BMC firmware for Z11PA-D8	affected `1.14.1`
ASUS	BMC firmware for Z11PA-D8C	affected `1.14.1`
ASUS	BMC firmware for RS720-E9-RS24-U	affected `1.14.3`
ASUS	BMC firmware for RS720-E9-RS8-G	affected `1.15.2`
ASUS	BMC firmware for RS500-E9-PS4	affected `1.15.4`
ASUS	BMC firmware for Pro E800 G4	affected `1.14.2`
ASUS	BMC firmware for RS500-E9-RS4	affected `1.15.4`
ASUS	BMC firmware for RS500-E9-RS4-U	affected `1.15.4`
ASUS	BMC firmware for RS520-E9-RS12-E	affected `1.15.3`
ASUS	BMC firmware for RS520-E9-RS8	affected `1.15.3`
ASUS	BMC firmware for ESC8000 G4	affected `1.15.4`
ASUS	BMC firmware for ESC8000 G4/10G	affected `1.15.4`
ASUS	BMC firmware for RS720-E9-RS12-E	affected `1.15.2`
ASUS	BMC firmware for WS C621E SAGE	affected `1.15.1`
ASUS	BMC firmware for RS500A-E10-PS4	affected `1.15.2`
ASUS	BMC firmware for RS500A-E10-RS4	affected `1.15.2`
ASUS	BMC firmware for RS700A-E9-RS12V2	affected `1.15.1`
ASUS	BMC firmware for RS700A-E9-RS4V2	affected `1.15.1`
ASUS	BMC firmware for RS720A-E9-RS12V2	affected `1.15.2`
ASUS	BMC firmware for RS720A-E9-RS24V2	affected `1.15.1`
ASUS	BMC firmware for Z11PR-D16	affected `1.15.3`

Weaknesses (CWE)

CWE-120

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://www.asus.com/content/ASUS-Product-Security-Advisory/

x_refsource_MISC

https://www.asus.com/tw/support/callus/

x_refsource_MISC

https://www.twcert.org.tw/tw/cp-132-4562-4b207-1.html

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-28192

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References