← voltar
CVE-2021-28199

ASUS BMC's firmware: buffer overflow - Modify user’s information function

CVSS 4.9 MEDIUMEPSS 1.8%CWE-120
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Produtos afetados
ASUS · BMC firmware for ASMB9-iKVMASUS · BMC firmware for E700 G4ASUS · BMC firmware for ESC4000 DHD G4ASUS · BMC firmware for ESC4000 G4ASUS · BMC firmware for ESC4000 G4XASUS · BMC firmware for ESC8000 G4ASUS · BMC firmware for ESC8000 G4/10GASUS · BMC firmware for KNPA-U16ASUS · BMC firmware for Pro E800 G4ASUS · BMC firmware for RS100-E10-PI2ASUS · BMC firmware for RS300-E10-PS4ASUS · BMC firmware for RS300-E10-RS4ASUS · BMC firmware for RS500A-E10-PS4ASUS · BMC firmware for RS500A-E10-RS4ASUS · BMC firmware for RS500A-E9-PS4ASUS · BMC firmware for RS500A-E9 RS4ASUS · BMC firmware for RS500A-E9-RS4ASUS · BMC firmware for RS500-E9-PS4ASUS · BMC firmware for RS500-E9-RS4ASUS · BMC firmware for RS500-E9-RS4-UASUS · BMC firmware for RS520-E9-RS12-EASUS · BMC firmware for RS520-E9-RS8ASUS · BMC firmware for RS700A-E9-RS12V2ASUS · BMC firmware for RS700A-E9-RS4ASUS · BMC firmware for RS700A-E9-RS4V2ASUS · BMC firmware for RS700-E9-RS12ASUS · BMC firmware for RS700-E9-RS4ASUS · BMC firmware for RS720A-E9-RS12V2ASUS · BMC firmware for RS720A-E9-RS24-EASUS · BMC firmware for RS720A-E9-RS24V2ASUS · BMC firmware for RS720-E9-RS12-EASUS · BMC firmware for RS720-E9-RS24-UASUS · BMC firmware for RS720-E9-RS8-GASUS · BMC firmware for RS720Q-E9-RS24-SASUS · BMC firmware for RS720Q-E9-RS8ASUS · BMC firmware for RS720Q-E9-RS8-SASUS · BMC firmware for WS C422 PRO/SEASUS · BMC firmware for WS C621E SAGEASUS · BMC firmware for WS X299 PRO/SEASUS · BMC firmware for Z11PA-D8ASUS · BMC firmware for Z11PA-D8CASUS · BMC firmware for Z11PA-U12ASUS · BMC firmware for Z11PA-U12/10G-2SASUS · BMC firmware for Z11PR-D16

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.asus.com/content/ASUS-Product-Security-Advisory/https://www.asus.com/tw/support/callus/https://www.twcert.org.tw/tw/cp-132-4569-6b391-1.html