History: Apr 06, 2021 - 5:15 a.m.

CVE-2021-28195

2021-04-06 05:15:16
CWE-120
web.nvd.nist.gov
34
asus
bmc
firmware
web management
radius
configuration
buffer overflow
vulnerability
nvd
cve-2021-28195

CVSS2: 4 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3: 4.9 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score: 5.2 Medium (Confidence: High)

EPSS: 0.003 Low (Percentile: 71.8%)

The Radius configuration function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.

Affected configurations

NVD
Node: asus asmb9-ikvm_firmware Match 1.11.12 AND asus asmb9-ikvm Match -
Node: asus rs720a-e9-rs24-e_firmware Match 1.10.3 AND asus rs720a-e9-rs24-e Match -
Node: asus rs700a-e9-rs4_firmware Match 1.10.0 AND asus rs700a-e9-rs4 Match -
Node: asus rs700-e9-rs4_firmware Match 1.09 AND asus rs700-e9-rs4 Match -
Node: asus esc4000_g4x_firmware Match 1.11.6 AND asus esc4000_g4x Match -
Node: asus rs700-e9-rs12_firmware Match 1.11.5 AND asus rs700-e9-rs12 Match -
Node: asus rs100-e10-pi2_firmware Match 1.13.6 AND asus rs100-e10-pi2 Match -
Node: asus rs300-e10-ps4_firmware Match 1.13.6 AND asus rs300-e10-ps4 Match -
Node: asus rs300-e10-rs4_firmware Match 1.13.6 AND asus rs300-e10-rs4 Match -
Node: asus rs500a-e9-ps4_firmware Match 1.14.1 AND asus rs500a-e9-ps4 Match -
Node: asus rs500a-e9-rs4_firmware Match 1.14.1 AND asus rs500a-e9-rs4 Match -
Node: asus rs500a-e9_rs4_u_firmware Match 1.14.1 AND asus rs500a-e9_rs4_u Match -
Node: asus e700_g4_firmware Match 1.14.1 AND asus e700_g4 Match -
Node: asus ws_c422_pro\/se_firmware Match 1.14.1 AND asus ws_c422_pro\/se Match -
Node: asus ws_x299_pro\/se_firmware Match 1.14.1 AND asus ws_x299_pro\/se Match -
Node: asus z11pa-u12_firmware Match 1.15.1 AND asus z11pa-u12 Match -
Node: asus z11pa-u12\/10g-2s_firmware Match 1.15.1 AND asus z11pa-u12\/10g-2s Match -
Node: asus knpa-u16_firmware Match 1.13.4 AND asus knpa-u16 Match -
Node: asus esc4000_dhd_g4_firmware Match 1.13.7 AND asus esc4000_dhd_g4 Match -
Node: asus esc4000_g4_firmware Match 1.15.2 AND asus esc4000_g4 Match -
Node: asus rs720q-e9-rs24-s_firmware Match 1.15.0 AND asus rs720q-e9-rs24-s Match -
Node: asus rs720q-e9-rs8_firmware Match 1.15.0 AND asus rs720q-e9-rs8 Match -
Node: asus rs720q-e9-rs8-s_firmware Match 1.15.0 AND asus rs720q-e9-rs8-s Match -
Node: asus z11pa-d8_firmware Match 1.14.1 AND asus z11pa-d8 Match -
Node: asus z11pa-d8c_firmware Match 1.14.1 AND asus z11pa-d8c Match -
Node: asus rs720-e9-rs24-u_firmware Match 1.14.3 AND asus rs720-e9-rs24-u Match -
Node: asus rs720-e9-rs8-g_firmware Match 1.15.2 AND asus rs720-e9-rs8-g Match -
Node: asus rs500-e9-ps4_firmware Match 1.15.4 AND asus rs500-e9-ps4 Match -
Node: asus pro_e800_g4_firmware Match 1.14.2 AND asus pro_e800_g4 Match -
Node: asus rs500-e9-rs4_firmware Match 1.15.4 AND asus rs500-e9-rs4 Match -
Node: asus rs500-e9-rs4-u_firmware Match 1.15.4 AND asus rs500-e9-rs4-u Match -
Node: asus rs520-e9-rs12-e_firmware Match 1.15.3 AND asus rs520-e9-rs12-e Match -
Node: asus rs520-e9-rs8_firmware Match 1.15.3 AND asus rs520-e9-rs8 Match -
Node: asus esc8000_g4_firmware Match 1.15.4 AND asus esc8000_g4 Match -
Node: asus esc8000_g4\/10g_firmware Match 1.15.4 AND asus esc8000_g4\/10g Match -
Node: asus rs720-e9-rs12-e_firmware Match 1.15.2 AND asus rs720-e9-rs12-e Match -
Node: asus ws_c621e_sage_firmware Match 1.15.1 AND asus ws_c621e_sage Match -
Node: asus rs500a-e10-ps4_firmware Match 1.15.2 AND asus rs500a-e10-ps4 Match -
Node: asus rs500a-e10-rs4_firmware Match 1.15.2 AND asus rs500a-e10-rs4 Match -
Node: asus rs700a-e9-rs12v2_firmware Match 1.15.1 AND asus rs700a-e9-rs12v2 Match -
Node: asus rs700a-e9-rs4v2_firmware Match 1.15.1 AND asus rs700a-e9-rs4v2 Match -
Node: asus rs720a-e9-rs12v2_firmware Match 1.15.2 AND asus rs720a-e9-rs12v2 Match -
Node: asus rs720a-e9-rs24v2_firmware Match 1.15.1 AND asus rs720a-e9-rs24v2 Match -
Node: asus z11pr-d16_firmware Match 1.15.3 AND asus z11pr-d16 Match -

CNA Affected

[
  {
    "product": "BMC firmware for ASMB9-iKVM",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.11.12"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720A-E9-RS24-E",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.10.3"
      }
    ]
  },
  {
    "product": "BMC firmware for RS700A-E9-RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.10.0"
      }
    ]
  },
  {
    "product": "BMC firmware for RS700-E9-RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.09"
      }
    ]
  },
  {
    "product": "BMC firmware for ESC4000 G4X",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.11.6"
      }
    ]
  },
  {
    "product": "BMC firmware for RS700-E9-RS12",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.11.5"
      }
    ]
  },
  {
    "product": "BMC firmware for RS100-E10-PI2",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.6"
      }
    ]
  },
  {
    "product": "BMC firmware for RS300-E10-PS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.6"
      }
    ]
  },
  {
    "product": "BMC firmware for RS300-E10-RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.6"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500A-E9-PS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500A-E9-RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500A-E9 RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for E700 G4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for WS C422 PRO/SE",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for WS X299 PRO/SE",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for Z11PA-U12",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.1"
      }
    ]
  },
  {
    "product": "BMC firmware for Z11PA-U12/10G-2S",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.1"
      }
    ]
  },
  {
    "product": "BMC firmware for KNPA-U16",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.4"
      }
    ]
  },
  {
    "product": "BMC firmware for ESC4000 DHD G4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.13.7"
      }
    ]
  },
  {
    "product": "BMC firmware for ESC4000 G4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720Q-E9-RS24-S",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720Q-E9-RS8",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720Q-E9-RS8-S",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.0"
      }
    ]
  },
  {
    "product": "BMC firmware for Z11PA-D8",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for Z11PA-D8C",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.1"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720-E9-RS24-U",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.3"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720-E9-RS8-G",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500-E9-PS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.4"
      }
    ]
  },
  {
    "product": "BMC firmware for Pro E800 G4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.2"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500-E9-RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.4"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500-E9-RS4-U",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.4"
      }
    ]
  },
  {
    "product": "BMC firmware for RS520-E9-RS12-E",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.3"
      }
    ]
  },
  {
    "product": "BMC firmware for RS520-E9-RS8",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.3"
      }
    ]
  },
  {
    "product": "BMC firmware for ESC8000 G4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.4"
      }
    ]
  },
  {
    "product": "BMC firmware for ESC8000 G4/10G",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.4"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720-E9-RS12-E",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "product": "BMC firmware for WS C621E SAGE",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.1"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500A-E10-PS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "product": "BMC firmware for RS500A-E10-RS4",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "product": "BMC firmware for RS700A-E9-RS12V2",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.1"
      }
    ]
  },
  {
    "product": "BMC firmware for RS700A-E9-RS4V2",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.1"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720A-E9-RS12V2",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.2"
      }
    ]
  },
  {
    "product": "BMC firmware for RS720A-E9-RS24V2",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.1"
      }
    ]
  },
  {
    "product": "BMC firmware for Z11PR-D16",
    "vendor": "ASUS",
    "versions": [
      {
        "status": "affected",
        "version": "1.15.3"
      }
    ]
  }
]
