Lucene search
HistoryApr 06, 2021 - 5:15 a.m.
CVE-2021-28195
asus
bmc
firmware
web management
radius
configuration
buffer overflow
vulnerability
nvd
cve-2021-28195
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.2 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.8%
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Affected configurations
Node
asusasmb9-ikvm_firmwareMatch1.11.12
asusasmb9-ikvmMatch-
Node
asusrs720a-e9-rs24-e_firmwareMatch1.10.3
asusrs720a-e9-rs24-eMatch-
Node
asusrs700a-e9-rs4_firmwareMatch1.10.0
asusrs700a-e9-rs4Match-
Node
asusrs700-e9-rs4_firmwareMatch1.09
asusrs700-e9-rs4Match-
Node
asusesc4000_g4x_firmwareMatch1.11.6
asusesc4000_g4xMatch-
Node
asusrs700-e9-rs12_firmwareMatch1.11.5
asusrs700-e9-rs12Match-
Node
asusrs100-e10-pi2_firmwareMatch1.13.6
asusrs100-e10-pi2Match-
Node
asusrs300-e10-ps4_firmwareMatch1.13.6
asusrs300-e10-ps4Match-
Node
asusrs300-e10-rs4_firmwareMatch1.13.6
asusrs300-e10-rs4Match-
Node
asusrs500a-e9-ps4_firmwareMatch1.14.1
asusrs500a-e9-ps4Match-
Node
asusrs500a-e9-rs4_firmwareMatch1.14.1
asusrs500a-e9-rs4Match-
Node
asusrs500a-e9_rs4_u_firmwareMatch1.14.1
asusrs500a-e9_rs4_uMatch-
Node
asuse700_g4_firmwareMatch1.14.1
asuse700_g4Match-
Node
asusws_c422_pro\/se_firmwareMatch1.14.1
asusws_c422_pro\/seMatch-
Node
asusws_x299_pro\/se_firmwareMatch1.14.1
asusws_x299_pro\/seMatch-
Node
asusz11pa-u12_firmwareMatch1.15.1
asusz11pa-u12Match-
Node
asusz11pa-u12\/10g-2s_firmwareMatch1.15.1
asusz11pa-u12\/10g-2sMatch-
Node
asusknpa-u16_firmwareMatch1.13.4
asusknpa-u16Match-
Node
asusesc4000_dhd_g4_firmwareMatch1.13.7
asusesc4000_dhd_g4Match-
Node
asusesc4000_g4_firmwareMatch1.15.2
asusesc4000_g4Match-
Node
asusrs720q-e9-rs24-s_firmwareMatch1.15.0
asusrs720q-e9-rs24-sMatch-
Node
asusrs720q-e9-rs8_firmwareMatch1.15.0
asusrs720q-e9-rs8Match-
Node
asusrs720q-e9-rs8-s_firmwareMatch1.15.0
asusrs720q-e9-rs8-sMatch-
Node
asusz11pa-d8_firmwareMatch1.14.1
asusz11pa-d8Match-
Node
asusz11pa-d8c_firmwareMatch1.14.1
asusz11pa-d8cMatch-
Node
asusrs720-e9-rs24-u_firmwareMatch1.14.3
asusrs720-e9-rs24-uMatch-
Node
asusrs720-e9-rs8-g_firmwareMatch1.15.2
asusrs720-e9-rs8-gMatch-
Node
asusrs500-e9-ps4_firmwareMatch1.15.4
asusrs500-e9-ps4Match-
Node
asuspro_e800_g4_firmwareMatch1.14.2
asuspro_e800_g4Match-
Node
asusrs500-e9-rs4_firmwareMatch1.15.4
asusrs500-e9-rs4Match-
Node
asusrs500-e9-rs4-u_firmwareMatch1.15.4
asusrs500-e9-rs4-uMatch-
Node
asusrs520-e9-rs12-e_firmwareMatch1.15.3
asusrs520-e9-rs12-eMatch-
Node
asusrs520-e9-rs8_firmwareMatch1.15.3
asusrs520-e9-rs8Match-
Node
asusesc8000_g4_firmwareMatch1.15.4
asusesc8000_g4Match-
Node
asusesc8000_g4\/10g_firmwareMatch1.15.4
asusesc8000_g4\/10gMatch-
Node
asusrs720-e9-rs12-e_firmwareMatch1.15.2
asusrs720-e9-rs12-eMatch-
Node
asusws_c621e_sage_firmwareMatch1.15.1
asusws_c621e_sageMatch-
Node
asusrs500a-e10-ps4_firmwareMatch1.15.2
asusrs500a-e10-ps4Match-
Node
asusrs500a-e10-rs4_firmwareMatch1.15.2
asusrs500a-e10-rs4Match-
Node
asusrs700a-e9-rs12v2_firmwareMatch1.15.1
asusrs700a-e9-rs12v2Match-
Node
asusrs700a-e9-rs4v2_firmwareMatch1.15.1
asusrs700a-e9-rs4v2Match-
Node
asusrs720a-e9-rs12v2_firmwareMatch1.15.2
asusrs720a-e9-rs12v2Match-
Node
asusrs720a-e9-rs24v2_firmwareMatch1.15.1
asusrs720a-e9-rs24v2Match-
Node
asusz11pr-d16_firmwareMatch1.15.3
asusz11pr-d16Match-
| CPE | Name | Operator | Version |
|---|---|---|---|
| asus:asmb9-ikvm_firmware | asus asmb9-ikvm firmware | eq | 1.11.12 |
CNA Affected
[
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
]Related
nvd
nvd
CVE-2021-28195
2021-04-06 05:15:16
cvelist
cvelist
prion
prion
Buffer overflow
2021-04-06 05:15:00
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
5.2 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
71.8%
Related for CVE-2021-28195