Vulnerability Monitor

CVE-2021-28198


The Firmware protocol configuration function in ASUS BMC's firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use the flaw to abnormally terminate the Web service.


Published

2021-04-06T05:15:16.503

Last Modified

2024-11-21T05:59:20.143

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-120
  • Type: Primary
    CWE-120

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | asus | asmb9-ikvm_firmware | 1.11.12 | Yes |
| Hardware | asus | asmb9-ikvm | - | No |
| Operating System | asus | rs720a-e9-rs24-e_firmware | 1.10.3 | Yes |
| Hardware | asus | rs720a-e9-rs24-e | - | No |
| Operating System | asus | rs700a-e9-rs4_firmware | 1.10.0 | Yes |
| Hardware | asus | rs700a-e9-rs4 | - | No |
| Operating System | asus | rs700-e9-rs4_firmware | 1.09 | Yes |
| Hardware | asus | rs700-e9-rs4 | - | No |
| Operating System | asus | esc4000_g4x_firmware | 1.11.6 | Yes |
| Hardware | asus | esc4000_g4x | - | No |
| Operating System | asus | rs700-e9-rs12_firmware | 1.11.5 | Yes |
| Hardware | asus | rs700-e9-rs12 | - | No |
| Operating System | asus | rs100-e10-pi2_firmware | 1.13.6 | Yes |
| Hardware | asus | rs100-e10-pi2 | - | No |
| Operating System | asus | rs300-e10-ps4_firmware | 1.13.6 | Yes |
| Hardware | asus | rs300-e10-ps4 | - | No |
| Operating System | asus | rs300-e10-rs4_firmware | 1.13.6 | Yes |
| Hardware | asus | rs300-e10-rs4 | - | No |
| Operating System | asus | rs500a-e9-ps4_firmware | 1.14.1 | Yes |
| Hardware | asus | rs500a-e9-ps4 | - | No |
| Operating System | asus | rs500a-e9-rs4_firmware | 1.14.1 | Yes |
| Hardware | asus | rs500a-e9-rs4 | - | No |
| Operating System | asus | rs500a-e9_rs4_u_firmware | 1.14.1 | Yes |
| Hardware | asus | rs500a-e9_rs4_u | - | No |
| Operating System | asus | e700_g4_firmware | 1.14.1 | Yes |
| Hardware | asus | e700_g4 | - | No |
| Operating System | asus | ws_c422_pro\/se_firmware | 1.14.1 | Yes |
| Hardware | asus | ws_c422_pro\/se | - | No |
| Operating System | asus | ws_x299_pro\/se_firmware | 1.14.1 | Yes |
| Hardware | asus | ws_x299_pro\/se | - | No |
| Operating System | asus | z11pa-u12_firmware | 1.15.1 | Yes |
| Hardware | asus | z11pa-u12 | - | No |
| Operating System | asus | z11pa-u12\/10g-2s_firmware | 1.15.1 | Yes |
| Hardware | asus | z11pa-u12\/10g-2s | - | No |
| Operating System | asus | knpa-u16_firmware | 1.13.4 | Yes |
| Hardware | asus | knpa-u16 | - | No |
| Operating System | asus | esc4000_dhd_g4_firmware | 1.13.7 | Yes |
| Hardware | asus | esc4000_dhd_g4 | - | No |
| Operating System | asus | esc4000_g4_firmware | 1.15.2 | Yes |
| Hardware | asus | esc4000_g4 | - | No |
| Operating System | asus | rs720q-e9-rs24-s_firmware | 1.15.0 | Yes |
| Hardware | asus | rs720q-e9-rs24-s | - | No |
| Operating System | asus | rs720q-e9-rs8_firmware | 1.15.0 | Yes |
| Hardware | asus | rs720q-e9-rs8 | - | No |
| Operating System | asus | rs720q-e9-rs8-s_firmware | 1.15.0 | Yes |
| Hardware | asus | rs720q-e9-rs8-s | - | No |
| Operating System | asus | z11pa-d8_firmware | 1.14.1 | Yes |
| Hardware | asus | z11pa-d8 | - | No |
| Operating System | asus | z11pa-d8c_firmware | 1.14.1 | Yes |
| Hardware | asus | z11pa-d8c | - | No |
| Operating System | asus | rs720-e9-rs24-u_firmware | 1.14.3 | Yes |
| Hardware | asus | rs720-e9-rs24-u | - | No |
| Operating System | asus | rs720-e9-rs8-g_firmware | 1.15.2 | Yes |
| Hardware | asus | rs720-e9-rs8-g | - | No |
| Operating System | asus | rs500-e9-ps4_firmware | 1.15.4 | Yes |
| Hardware | asus | rs500-e9-ps4 | - | No |
| Operating System | asus | pro_e800_g4_firmware | 1.14.2 | Yes |
| Hardware | asus | pro_e800_g4 | - | No |
| Operating System | asus | rs500-e9-rs4_firmware | 1.15.4 | Yes |
| Hardware | asus | rs500-e9-rs4 | - | No |
| Operating System | asus | rs500-e9-rs4-u_firmware | 1.15.4 | Yes |
| Hardware | asus | rs500-e9-rs4-u | - | No |
| Operating System | asus | rs520-e9-rs12-e_firmware | 1.15.3 | Yes |
| Hardware | asus | rs520-e9-rs12-e | - | No |
| Operating System | asus | rs520-e9-rs8_firmware | 1.15.3 | Yes |
| Hardware | asus | rs520-e9-rs8 | - | No |
| Operating System | asus | esc8000_g4_firmware | 1.15.4 | Yes |
| Hardware | asus | esc8000_g4 | - | No |
| Operating System | asus | esc8000_g4\/10g_firmware | 1.15.4 | Yes |
| Hardware | asus | esc8000_g4\/10g | - | No |
| Operating System | asus | rs720-e9-rs12-e_firmware | 1.15.2 | Yes |
| Hardware | asus | rs720-e9-rs12-e | - | No |
| Operating System | asus | ws_c621e_sage_firmware | 1.15.1 | Yes |
| Hardware | asus | ws_c621e_sage | - | No |
| Operating System | asus | rs500a-e10-ps4_firmware | 1.15.2 | Yes |
| Hardware | asus | rs500a-e10-ps4 | - | No |
| Operating System | asus | rs500a-e10-rs4_firmware | 1.15.2 | Yes |
| Hardware | asus | rs500a-e10-rs4 | - | No |
| Operating System | asus | rs700a-e9-rs12v2_firmware | 1.15.1 | Yes |
| Hardware | asus | rs700a-e9-rs12v2 | - | No |
| Operating System | asus | rs700a-e9-rs4v2_firmware | 1.15.1 | Yes |
| Hardware | asus | rs700a-e9-rs4v2 | - | No |
| Operating System | asus | rs720a-e9-rs12v2_firmware | 1.15.2 | Yes |
| Hardware | asus | rs720a-e9-rs12v2 | - | No |
| Operating System | asus | rs720a-e9-rs24v2_firmware | 1.15.1 | Yes |
| Hardware | asus | rs720a-e9-rs24v2 | - | No |
| Operating System | asus | z11pr-d16_firmware | 1.15.3 | Yes |
| Hardware | asus | z11pr-d16 | - | No |
