CVE-2021-28201
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 1.2 / Impact: 3.6
Source: NVD
Description
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Affected (44)
Products: Asus: Asmb9 Ikvm Firmware, Rs720a E9 Rs24 E Firmware, Rs700a E9 Rs4 Firmware, Rs700 E9 Rs4 Firmware, Esc4000 G4x Firmware, Rs700 E9 Rs12 Firmware, Rs100 E10 Pi2 Firmware, Rs300 E10 Ps4 Firmware, Rs300 E10 Rs4 Firmware, Rs500a E9 Ps4 Firmware, Rs500a E9 Rs4 Firmware, Rs500a E9 Rs4 U Firmware, E700 G4 Firmware, Ws C422 Pro/se Firmware, Ws X299 Pro/se Firmware, Z11pa U12 Firmware, Z11pa U12/10g 2s Firmware, Knpa U16 Firmware, Esc4000 Dhd G4 Firmware, Esc4000 G4 Firmware, Rs720q E9 Rs24 S Firmware, Rs720q E9 Rs8 Firmware, Rs720q E9 Rs8 S Firmware, Z11pa D8 Firmware, Z11pa D8c Firmware, Rs720 E9 Rs24 U Firmware, Rs720 E9 Rs8 G Firmware, Rs500 E9 Ps4 Firmware, Pro E800 G4 Firmware, Rs500 E9 Rs4 Firmware, Rs500 E9 Rs4 U Firmware, Rs520 E9 Rs12 E Firmware, Rs520 E9 Rs8 Firmware, Esc8000 G4 Firmware, Esc8000 G4/10g Firmware, Rs720 E9 Rs12 E Firmware, Ws C621e Sage Firmware, Rs500a E10 Ps4 Firmware, Rs500a E10 Rs4 Firmware, Rs700a E9 Rs12v2 Firmware, Rs700a E9 Rs4v2 Firmware, Rs720a E9 Rs12v2 Firmware, Rs720a E9 Rs24v2 Firmware, Z11pr D16 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.11.12 |
| Running on/with | Platform Versions |
|---|---|
Asus Asmb9 Ikvm | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.10.3 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720a E9 Rs24 E | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.10.0 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs700a E9 Rs4 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.09 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs700 E9 Rs4 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.11.6 |
| Running on/with | Platform Versions |
|---|---|
Asus Esc4000 G4x | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.11.5 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs700 E9 Rs12 | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13.6 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs100 E10 Pi2 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13.6 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs300 E10 Ps4 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13.6 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs300 E10 Rs4 | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500a E9 Ps4 | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500a E9 Rs4 | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500a E9 Rs4 U | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus E700 G4 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Ws C422 Pro/se | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Ws X299 Pro/se | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Z11pa U12 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Z11pa U12/10g 2s | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13.4 |
| Running on/with | Platform Versions |
|---|---|
Asus Knpa U16 | All versions |
Configuration S
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.13.7 |
| Running on/with | Platform Versions |
|---|---|
Asus Esc4000 Dhd G4 | All versions |
Configuration T
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Esc4000 G4 | All versions |
Configuration U
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.0 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720q E9 Rs24 S | All versions |
Configuration V
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.0 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720q E9 Rs8 | All versions |
Configuration W
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.0 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720q E9 Rs8 S | All versions |
Configuration X
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Z11pa D8 | All versions |
Configuration Y
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Z11pa D8c | All versions |
Configuration Z
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.3 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720 E9 Rs24 U | All versions |
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720 E9 Rs8 G | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.4 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500 E9 Ps4 | All versions |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.14.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Pro E800 G4 | All versions |
Configuration D
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.4 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500 E9 Rs4 | All versions |
Configuration E
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.4 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500 E9 Rs4 U | All versions |
Configuration F
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.3 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs520 E9 Rs12 E | All versions |
Configuration G
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.3 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs520 E9 Rs8 | All versions |
Configuration H
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.4 |
| Running on/with | Platform Versions |
|---|---|
Asus Esc8000 G4 | All versions |
Configuration I
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.4 |
| Running on/with | Platform Versions |
|---|---|
Asus Esc8000 G4/10g | All versions |
Configuration J
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720 E9 Rs12 E | All versions |
Configuration K
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Ws C621e Sage | All versions |
Configuration L
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500a E10 Ps4 | All versions |
Configuration M
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs500a E10 Rs4 | All versions |
Configuration N
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs700a E9 Rs12v2 | All versions |
Configuration O
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs700a E9 Rs4v2 | All versions |
Configuration P
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.2 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720a E9 Rs12v2 | All versions |
Configuration Q
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.1 |
| Running on/with | Platform Versions |
|---|---|
Asus Rs720a E9 Rs24v2 | All versions |
Configuration R
| Vulnerable Software | Affected Versions |
|---|---|
| Version 1.15.3 |
| Running on/with | Platform Versions |
|---|---|
Asus Z11pr D16 | All versions |
References (6)
Source: twcert@cert.org.tw
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.