Asus

Asmb8-ikvm Firmware

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2023-26602

Exploit
  • EPSS 75.6%
  • Veröffentlicht 26.02.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 07:51:50

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

6.8

CVE-2021-28205

  • EPSS 0.5%
  • Veröffentlicht 06.04.2021 05:15:17
  • Zuletzt bearbeitet 21.11.2024 05:59:21

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system...

7.2

CVE-2021-28204

  • EPSS 1.75%
  • Veröffentlicht 06.04.2021 05:15:17
  • Zuletzt bearbeitet 21.11.2024 05:59:21

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command ...

7.2

CVE-2021-28203

  • EPSS 1.75%
  • Veröffentlicht 06.04.2021 05:15:16
  • Zuletzt bearbeitet 21.11.2024 05:59:21

The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

4.9

CVE-2021-28184

  • EPSS 0.9%
  • Veröffentlicht 06.04.2021 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:59:16

The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the ...

4.9

CVE-2021-28189

  • EPSS 0.9%
  • Veröffentlicht 06.04.2021 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:59:17

The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to a...

4.9

CVE-2021-28188

  • EPSS 0.9%
  • Veröffentlicht 06.04.2021 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:59:17

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote att...

4.9

CVE-2021-28187

  • EPSS 0.66%
  • Veröffentlicht 06.04.2021 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:59:17

The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers...

4.9

CVE-2021-28186

  • EPSS 0.9%
  • Veröffentlicht 06.04.2021 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:59:17

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote at...

4.9

CVE-2021-28185

  • EPSS 0.9%
  • Veröffentlicht 06.04.2021 05:15:15
  • Zuletzt bearbeitet 21.11.2024 05:59:16

The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote at...