CVE-2021-28195

EPSS 0.9%
Published 06.04.2021 05:15:16
Last modified 21.11.2024 05:59:18
Source twcert@cert.org.tw
Teams watchlist Login
Open Login

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Affected products Warnungen 0 Metrics 4 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Asus ≫ Asmb9-ikvm Firmware Version1.11.12

Asus ≫ Asmb9-ikvm Version-

Asus ≫ Rs720a-e9-rs24-e Firmware Version1.10.3

Asus ≫ Rs720a-e9-rs24-e Version-

Asus ≫ Rs700a-e9-rs4 Firmware Version1.10.0

Asus ≫ Rs700a-e9-rs4 Version-

Asus ≫ Rs700-e9-rs4 Firmware Version1.09

Asus ≫ Rs700-e9-rs4 Version-

Asus ≫ Esc4000 G4x Firmware Version1.11.6

Asus ≫ Esc4000 G4x Version-

Asus ≫ Rs700-e9-rs12 Firmware Version1.11.5

Asus ≫ Rs700-e9-rs12 Version-

Asus ≫ Rs100-e10-pi2 Firmware Version1.13.6

Asus ≫ Rs100-e10-pi2 Version-

Asus ≫ Rs300-e10-ps4 Firmware Version1.13.6

Asus ≫ Rs300-e10-ps4 Version-

Asus ≫ Rs300-e10-rs4 Firmware Version1.13.6

Asus ≫ Rs300-e10-rs4 Version-

Asus ≫ Rs500a-e9-ps4 Firmware Version1.14.1

Asus ≫ Rs500a-e9-ps4 Version-

Asus ≫ Rs500a-e9-rs4 Firmware Version1.14.1

Asus ≫ Rs500a-e9-rs4 Version-

Asus ≫ Rs500a-e9 Rs4 U Firmware Version1.14.1

Asus ≫ Rs500a-e9 Rs4 U Version-

Asus ≫ E700 G4 Firmware Version1.14.1

Asus ≫ E700 G4 Version-

Asus ≫ Ws C422 Pro/se Firmware Version1.14.1

Asus ≫ Ws C422 Pro/se Version-

Asus ≫ Ws X299 Pro/se Firmware Version1.14.1

Asus ≫ Ws X299 Pro/se Version-

Asus ≫ Z11pa-u12 Firmware Version1.15.1

Asus ≫ Z11pa-u12 Version-

Asus ≫ Z11pa-u12/10g-2s Firmware Version1.15.1

Asus ≫ Z11pa-u12/10g-2s Version-

Asus ≫ Knpa-u16 Firmware Version1.13.4

Asus ≫ Knpa-u16 Version-

Asus ≫ Esc4000 Dhd G4 Firmware Version1.13.7

Asus ≫ Esc4000 Dhd G4 Version-

Asus ≫ Esc4000 G4 Firmware Version1.15.2

Asus ≫ Esc4000 G4 Version-

Asus ≫ Rs720q-e9-rs24-s Firmware Version1.15.0

Asus ≫ Rs720q-e9-rs24-s Version-

Asus ≫ Rs720q-e9-rs8 Firmware Version1.15.0

Asus ≫ Rs720q-e9-rs8 Version-

Asus ≫ Rs720q-e9-rs8-s Firmware Version1.15.0

Asus ≫ Rs720q-e9-rs8-s Version-

Asus ≫ Z11pa-d8 Firmware Version1.14.1

Asus ≫ Z11pa-d8 Version-

Asus ≫ Z11pa-d8c Firmware Version1.14.1

Asus ≫ Z11pa-d8c Version-

Asus ≫ Rs720-e9-rs24-u Firmware Version1.14.3

Asus ≫ Rs720-e9-rs24-u Version-

Asus ≫ Rs720-e9-rs8-g Firmware Version1.15.2

Asus ≫ Rs720-e9-rs8-g Version-

Asus ≫ Rs500-e9-ps4 Firmware Version1.15.4

Asus ≫ Rs500-e9-ps4 Version-

Asus ≫ Pro E800 G4 Firmware Version1.14.2

Asus ≫ Pro E800 G4 Version-

Asus ≫ Rs500-e9-rs4 Firmware Version1.15.4

Asus ≫ Rs500-e9-rs4 Version-

Asus ≫ Rs500-e9-rs4-u Firmware Version1.15.4

Asus ≫ Rs500-e9-rs4-u Version-

Asus ≫ Rs520-e9-rs12-e Firmware Version1.15.3

Asus ≫ Rs520-e9-rs12-e Version-

Asus ≫ Rs520-e9-rs8 Firmware Version1.15.3

Asus ≫ Rs520-e9-rs8 Version-

Asus ≫ Esc8000 G4 Firmware Version1.15.4

Asus ≫ Esc8000 G4 Version-

Asus ≫ Esc8000 G4/10g Firmware Version1.15.4

Asus ≫ Esc8000 G4/10g Version-

Asus ≫ Rs720-e9-rs12-e Firmware Version1.15.2

Asus ≫ Rs720-e9-rs12-e Version-

Asus ≫ Ws C621e Sage Firmware Version1.15.1

Asus ≫ Ws C621e Sage Version-

Asus ≫ Rs500a-e10-ps4 Firmware Version1.15.2

Asus ≫ Rs500a-e10-ps4 Version-

Asus ≫ Rs500a-e10-rs4 Firmware Version1.15.2

Asus ≫ Rs500a-e10-rs4 Version-

Asus ≫ Rs700a-e9-rs12v2 Firmware Version1.15.1

Asus ≫ Rs700a-e9-rs12v2 Version-

Asus ≫ Rs700a-e9-rs4v2 Firmware Version1.15.1

Asus ≫ Rs700a-e9-rs4v2 Version-

Asus ≫ Rs720a-e9-rs12v2 Firmware Version1.15.2

Asus ≫ Rs720a-e9-rs12v2 Version-

Asus ≫ Rs720a-e9-rs24v2 Firmware Version1.15.1

Asus ≫ Rs720a-e9-rs24v2 Version-

Asus ≫ Z11pr-d16 Firmware Version1.15.3

Asus ≫ Z11pr-d16 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.9%	0.734

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P
twcert@cert.org.tw	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

https://www.asus.com/content/ASUS-Product-Security-Advisory/

Vendor Advisory

https://www.asus.com/tw/support/callus/

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-4565-59c97-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28195

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28195

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28195

EUVD