Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-28197
HistoryApr 06, 2021 - 5:15 a.m.

CVE-2021-28197

2021-04-0605:15:16
CWE-120
[email protected]
web.nvd.nist.gov
5
asus
bmc
firmware
buffer overflow
vulnerability
web service
remote attackers

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

71.8%

JSON

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Affected configurations

Nvd
Node
asusasmb9-ikvm_firmwareMatch1.11.12
AND
asusasmb9-ikvmMatch-
Node
asusrs720a-e9-rs24-e_firmwareMatch1.10.3
AND
asusrs720a-e9-rs24-eMatch-
Node
asusrs700a-e9-rs4_firmwareMatch1.10.0
AND
asusrs700a-e9-rs4Match-
Node
asusrs700-e9-rs4_firmwareMatch1.09
AND
asusrs700-e9-rs4Match-
Node
asusesc4000_g4x_firmwareMatch1.11.6
AND
asusesc4000_g4xMatch-
Node
asusrs700-e9-rs12_firmwareMatch1.11.5
AND
asusrs700-e9-rs12Match-
Node
asusrs100-e10-pi2_firmwareMatch1.13.6
AND
asusrs100-e10-pi2Match-
Node
asusrs300-e10-ps4_firmwareMatch1.13.6
AND
asusrs300-e10-ps4Match-
Node
asusrs300-e10-rs4_firmwareMatch1.13.6
AND
asusrs300-e10-rs4Match-
Node
asusrs500a-e9-ps4_firmwareMatch1.14.1
AND
asusrs500a-e9-ps4Match-
Node
asusrs500a-e9-rs4_firmwareMatch1.14.1
AND
asusrs500a-e9-rs4Match-
Node
asusrs500a-e9_rs4_u_firmwareMatch1.14.1
AND
asusrs500a-e9_rs4_uMatch-
Node
asuse700_g4_firmwareMatch1.14.1
AND
asuse700_g4Match-
Node
asusws_c422_pro\/se_firmwareMatch1.14.1
AND
asusws_c422_pro\/seMatch-
Node
asusws_x299_pro\/se_firmwareMatch1.14.1
AND
asusws_x299_pro\/seMatch-
Node
asusz11pa-u12_firmwareMatch1.15.1
AND
asusz11pa-u12Match-
Node
asusz11pa-u12\/10g-2s_firmwareMatch1.15.1
AND
asusz11pa-u12\/10g-2sMatch-
Node
asusknpa-u16_firmwareMatch1.13.4
AND
asusknpa-u16Match-
Node
asusesc4000_dhd_g4_firmwareMatch1.13.7
AND
asusesc4000_dhd_g4Match-
Node
asusesc4000_g4_firmwareMatch1.15.2
AND
asusesc4000_g4Match-
Node
asusrs720q-e9-rs24-s_firmwareMatch1.15.0
AND
asusrs720q-e9-rs24-sMatch-
Node
asusrs720q-e9-rs8_firmwareMatch1.15.0
AND
asusrs720q-e9-rs8Match-
Node
asusrs720q-e9-rs8-s_firmwareMatch1.15.0
AND
asusrs720q-e9-rs8-sMatch-
Node
asusz11pa-d8_firmwareMatch1.14.1
AND
asusz11pa-d8Match-
Node
asusz11pa-d8c_firmwareMatch1.14.1
AND
asusz11pa-d8cMatch-
Node
asusrs720-e9-rs24-u_firmwareMatch1.14.3
AND
asusrs720-e9-rs24-uMatch-
Node
asusrs720-e9-rs8-g_firmwareMatch1.15.2
AND
asusrs720-e9-rs8-gMatch-
Node
asusrs500-e9-ps4_firmwareMatch1.15.4
AND
asusrs500-e9-ps4Match-
Node
asuspro_e800_g4_firmwareMatch1.14.2
AND
asuspro_e800_g4Match-
Node
asusrs500-e9-rs4Match-
AND
asusrs500-e9-rs4_firmwareMatch1.15.4
Node
asusrs500-e9-rs4-uMatch-
AND
asusrs500-e9-rs4-u_firmwareMatch1.15.4
Node
asusrs520-e9-rs12-eMatch-
AND
asusrs520-e9-rs12-e_firmwareMatch1.15.3
Node
asusrs520-e9-rs8Match-
AND
asusrs520-e9-rs8_firmwareMatch1.15.3
Node
asusesc8000_g4Match-
AND
asusesc8000_g4_firmwareMatch1.15.4
Node
asusesc8000_g4\/10gMatch-
AND
asusesc8000_g4\/10g_firmwareMatch1.15.4
Node
asusrs720-e9-rs12-eMatch-
AND
asusrs720-e9-rs12-e_firmwareMatch1.15.2
Node
asusws_c621e_sageMatch-
AND
asusws_c621e_sage_firmwareMatch1.15.1
Node
asusrs500a-e10-ps4_firmwareMatch1.15.2
AND
asusrs500a-e10-ps4Match-
Node
asusrs500a-e10-rs4_firmwareMatch1.15.2
AND
asusrs500a-e10-rs4Match-
Node
asusrs700a-e9-rs12v2_firmwareMatch1.15.1
AND
asusrs700a-e9-rs12v2Match-
Node
asusrs700a-e9-rs4v2_firmwareMatch1.15.1
AND
asusrs700a-e9-rs4v2Match-
Node
asusrs720a-e9-rs12v2_firmwareMatch1.15.2
AND
asusrs720a-e9-rs12v2Match-
Node
asusrs720a-e9-rs24v2_firmwareMatch1.15.1
AND
asusrs720a-e9-rs24v2Match-
Node
asusz11pr-d16_firmwareMatch1.15.3
AND
asusz11pr-d16Match-
VendorProductVersionCPE
asusasmb9-ikvm_firmware1.11.12cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*
asusasmb9-ikvm-cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*
asusrs720a-e9-rs24-e_firmware1.10.3cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*
asusrs720a-e9-rs24-e-cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*
asusrs700a-e9-rs4_firmware1.10.0cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*
asusrs700a-e9-rs4-cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*
asusrs700-e9-rs4_firmware1.09cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*
asusrs700-e9-rs4-cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*
asusesc4000_g4x_firmware1.11.6cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*
asusesc4000_g4x-cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*
Rows per page:
1-10 of 881

Related

prion 1
cve 1
cvelist 1
prion
prion
Buffer overflow
2021-04-06 05:15:00
cve
cve
CVE-2021-28197
2021-04-06 05:15:16
cvelist
cvelist
CVE-2021-28197 ASUS BMC's firmware: buffer overflow - Active Directory configuration function
2021-04-06 05:02:16

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3

4.9

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

0.003

Percentile

71.8%

JSON
Related for NVD:CVE-2021-28197
prion1cve1cvelist1