CVE-2021-28199

Description

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS breakdown

Affected products

• ASUS / BMC firmware for ASMB9-iKVM1.11.12 – 1.11.12
• ASUS / BMC firmware for E700 G41.14.1 – 1.14.1
• ASUS / BMC firmware for ESC4000 DHD G41.13.7 – 1.13.7
• ASUS / BMC firmware for ESC4000 G41.15.2 – 1.15.2
• ASUS / BMC firmware for ESC4000 G4X1.11.6 – 1.11.6
• ASUS / BMC firmware for ESC8000 G41.15.4 – 1.15.4
• ASUS / BMC firmware for ESC8000 G4/10G1.15.4 – 1.15.4
• ASUS / BMC firmware for KNPA-U161.13.4 – 1.13.4
• ASUS / BMC firmware for Pro E800 G41.14.2 – 1.14.2
• ASUS / BMC firmware for RS100-E10-PI21.13.6 – 1.13.6
• ASUS / BMC firmware for RS300-E10-PS41.13.6 – 1.13.6
• ASUS / BMC firmware for RS300-E10-RS41.13.6 – 1.13.6
• ASUS / BMC firmware for RS500A-E10-PS41.15.2 – 1.15.2
• ASUS / BMC firmware for RS500A-E10-RS41.15.2 – 1.15.2
• ASUS / BMC firmware for RS500A-E9-PS41.14.1 – 1.14.1
• ASUS / BMC firmware for RS500A-E9-RS41.14.1 – 1.14.1
• ASUS / BMC firmware for RS500-E9-PS41.15.4 – 1.15.4
• ASUS / BMC firmware for RS500-E9-RS41.15.4 – 1.15.4
• ASUS / BMC firmware for RS500-E9-RS4-U1.15.4 – 1.15.4
• ASUS / BMC firmware for RS520-E9-RS12-E1.15.3 – 1.15.3
• ASUS / BMC firmware for RS520-E9-RS81.15.3 – 1.15.3
• ASUS / BMC firmware for RS700A-E9-RS12V21.15.1 – 1.15.1
• ASUS / BMC firmware for RS700A-E9-RS41.10.0 – 1.10.0
• ASUS / BMC firmware for RS700A-E9-RS4V21.15.1 – 1.15.1
• ASUS / BMC firmware for RS700-E9-RS121.11.5 – 1.11.5
• ASUS / BMC firmware for RS700-E9-RS41.09 – 1.09
• ASUS / BMC firmware for RS720A-E9-RS12V21.15.2 – 1.15.2
• ASUS / BMC firmware for RS720A-E9-RS24-E1.10.3 – 1.10.3
• ASUS / BMC firmware for RS720A-E9-RS24V21.15.1 – 1.15.1
• ASUS / BMC firmware for RS720-E9-RS12-E1.15.2 – 1.15.2
• ASUS / BMC firmware for RS720-E9-RS24-U1.14.3 – 1.14.3
• ASUS / BMC firmware for RS720-E9-RS8-G1.15.2 – 1.15.2
• ASUS / BMC firmware for RS720Q-E9-RS24-S1.15.0 – 1.15.0
• ASUS / BMC firmware for RS720Q-E9-RS81.15.0 – 1.15.0
• ASUS / BMC firmware for RS720Q-E9-RS8-S1.15.0 – 1.15.0
• ASUS / BMC firmware for WS C422 PRO/SE1.14.1 – 1.14.1
• ASUS / BMC firmware for WS C621E SAGE1.15.1 – 1.15.1
• ASUS / BMC firmware for WS X299 PRO/SE1.14.1 – 1.14.1
• ASUS / BMC firmware for Z11PA-D81.14.1 – 1.14.1
• ASUS / BMC firmware for Z11PA-D8C1.14.1 – 1.14.1
• ASUS / BMC firmware for Z11PA-U121.15.1 – 1.15.1
• ASUS / BMC firmware for Z11PA-U12/10G-2S1.15.1 – 1.15.1
• ASUS / BMC firmware for Z11PR-D161.15.3 – 1.15.3

References

• MISChttps://www.asus.com/content/ASUS-Product-Security-Advisory/
• MISChttps://www.asus.com/tw/support/callus/
• MISChttps://www.twcert.org.tw/tw/cp-132-4569-6b391-1.html