Vulnerability Monitor

CVE-2021-28203


The Web Set Media Image function in the ASUS BMC firmware's web management page does not filter a specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands.


Published

2021-04-06T05:15:16.927

Last Modified

2024-11-21T05:59:21.187

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.2 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL

Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-78
  • Type: Primary
    CWE-78

Affected Vendors & Products
Type              Vendor  Product                   Version/Range  Vulnerable?
Operating System  asus    z10pr-d16_firmware        1.14.51        Yes
Hardware          asus    z10pr-d16                 -              No
Operating System  asus    asmb8-ikvm_firmware       1.14.51        Yes
Hardware          asus    asmb8-ikvm                -              No
Operating System  asus    z10pe-d16_ws_firmware     1.14.2         Yes
Hardware          asus    z10pe-d16_ws              -              No

References