CVE-2021-28191

MEDIUM

4.9

Beschreibung

The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE Details

CVSS v3.1 Bewertung4.9

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienHIGH

BenutzerinteraktionNONE

Veroffentlicht4/6/2021

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

asus:asmb9-ikvmasus:asmb9-ikvm_firmwareasus:e700_g4asus:e700_g4_firmwareasus:esc4000_dhd_g4asus:esc4000_dhd_g4_firmwareasus:esc4000_g4asus:esc4000_g4_firmwareasus:esc4000_g4xasus:esc4000_g4x_firmwareasus:esc8000_g4asus:esc8000_g4\/10gasus:esc8000_g4\/10g_firmwareasus:esc8000_g4_firmwareasus:knpa-u16asus:knpa-u16_firmwareasus:pro_e800_g4asus:pro_e800_g4_firmwareasus:rs100-e10-pi2asus:rs100-e10-pi2_firmwareasus:rs300-e10-ps4asus:rs300-e10-ps4_firmwareasus:rs300-e10-rs4asus:rs300-e10-rs4_firmwareasus:rs500-e9-ps4asus:rs500-e9-ps4_firmwareasus:rs500-e9-rs4asus:rs500-e9-rs4-uasus:rs500-e9-rs4-u_firmwareasus:rs500-e9-rs4_firmwareasus:rs500a-e10-ps4asus:rs500a-e10-ps4_firmwareasus:rs500a-e10-rs4asus:rs500a-e10-rs4_firmwareasus:rs500a-e9-ps4asus:rs500a-e9-ps4_firmwareasus:rs500a-e9-rs4asus:rs500a-e9-rs4_firmwareasus:rs500a-e9_rs4_uasus:rs500a-e9_rs4_u_firmwareasus:rs520-e9-rs12-easus:rs520-e9-rs12-e_firmwareasus:rs520-e9-rs8asus:rs520-e9-rs8_firmwareasus:rs700-e9-rs12asus:rs700-e9-rs12_firmwareasus:rs700-e9-rs4asus:rs700-e9-rs4_firmwareasus:rs700a-e9-rs12v2asus:rs700a-e9-rs12v2_firmwareasus:rs700a-e9-rs4asus:rs700a-e9-rs4_firmwareasus:rs700a-e9-rs4v2asus:rs700a-e9-rs4v2_firmwareasus:rs720-e9-rs12-easus:rs720-e9-rs12-e_firmwareasus:rs720-e9-rs24-uasus:rs720-e9-rs24-u_firmwareasus:rs720-e9-rs8-gasus:rs720-e9-rs8-g_firmwareasus:rs720a-e9-rs12v2asus:rs720a-e9-rs12v2_firmwareasus:rs720a-e9-rs24-easus:rs720a-e9-rs24-e_firmwareasus:rs720a-e9-rs24v2asus:rs720a-e9-rs24v2_firmwareasus:rs720q-e9-rs24-sasus:rs720q-e9-rs24-s_firmwareasus:rs720q-e9-rs8asus:rs720q-e9-rs8-sasus:rs720q-e9-rs8-s_firmwareasus:rs720q-e9-rs8_firmwareasus:ws_c422_pro\/seasus:ws_c422_pro\/se_firmwareasus:ws_c621e_sageasus:ws_c621e_sage_firmwareasus:ws_x299_pro\/seasus:ws_x299_pro\/se_firmwareasus:z11pa-d8asus:z11pa-d8_firmwareasus:z11pa-d8casus:z11pa-d8c_firmwareasus:z11pa-u12asus:z11pa-u12\/10g-2sasus:z11pa-u12\/10g-2s_firmwareasus:z11pa-u12_firmwareasus:z11pr-d16asus:z11pr-d16_firmware

Schwachen (CWE)

CWE-120CWE-120

Referenzen

https://www.asus.com/content/ASUS-Product-Security-Advisory/(twcert@cert.org.tw)

https://www.asus.com/tw/support/callus/(twcert@cert.org.tw)

https://www.twcert.org.tw/tw/cp-132-4561-062d0-1.html(twcert@cert.org.tw)

https://www.asus.com/content/ASUS-Product-Security-Advisory/(af854a3a-2127-422b-91ae-364da2661108)

https://www.asus.com/tw/support/callus/(af854a3a-2127-422b-91ae-364da2661108)

https://www.twcert.org.tw/tw/cp-132-4561-062d0-1.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.