36 vulnerabilities found for BMC firmware for ASMB8-iKVM by ASUS
CVE-2021-28205 (GCVE-0-2021-28205)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 02:21
Title
ASUS BMC's firmware: path traversal - Delete SOL video file function
Summary
A specific function in the Web management page of ASUS BMC firmware (the Delete SOL video file function) does not filter a specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:22",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103032",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Delete SOL video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28205",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Delete SOL video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103032",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28205",
"datePublished": "2021-04-06T05:02:22.632520Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T02:21:06.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28204 (GCVE-0-2021-28204)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 03:38
Title
ASUS BMC's firmware: command injection - Modify user’s information function
Summary
A specific function in the Web management page of ASUS BMC firmware (the Modify user’s information function) does not filter a specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:21",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103031",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: command injection - Modify user\u2019s information function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28204",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: command injection - Modify user\u2019s information function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103031",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28204",
"datePublished": "2021-04-06T05:02:21.835796Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T03:38:49.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28203 (GCVE-0-2021-28203)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 23:51
Title
ASUS BMC's firmware: command injection - Web Set Media Image function
Summary
The Web Set Media Image function in the Web management page of ASUS BMC firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Set Media Image function in ASUS BMC\u2019s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:20",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103030",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: command injection - Web Set Media Image function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28203",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: command injection - Web Set Media Image function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Set Media Image function in ASUS BMC\u2019s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28203",
"datePublished": "2021-04-06T05:02:20.959775Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T23:51:25.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28189 (GCVE-0-2021-28189)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 02:21
Title
ASUS BMC's firmware: buffer overflow - SMTP configuration function
Summary
The SMTP configuration function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this flaw to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMTP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:09",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103016",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - SMTP configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28189",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - SMTP configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103016",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28189",
"datePublished": "2021-04-06T05:02:09.503866Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T02:21:09.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28188 (GCVE-0-2021-28188)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 16:22
Title
ASUS BMC's firmware: buffer overflow - Modify user’s information function
Summary
A specific function in the Web management page of ASUS BMC firmware (the Modify user’s information function) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this flaw to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:08",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103015",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Modify user\u2019s information function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28188",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Modify user\u2019s information function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103015",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28188",
"datePublished": "2021-04-06T05:02:08.812420Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T16:22:42.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28187 (GCVE-0-2021-28187)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 17:03
Title
ASUS BMC's firmware: buffer overflow - Generate new SSL certificate
Summary
A specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the length of strings entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:08",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103014",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Generate new SSL certificate",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28187",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Generate new SSL certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103014",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28187",
"datePublished": "2021-04-06T05:02:08.095961Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T17:03:45.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28186 (GCVE-0-2021-28186)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 23:55
Title
ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition
Summary
A specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the length of strings entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:07",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103013",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-2 acquisition",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28186",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-2 acquisition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103013",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28186",
"datePublished": "2021-04-06T05:02:07.331002Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T23:55:35.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28185 (GCVE-0-2021-28185)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 22:08
Title
ASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition
Summary
A specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the length of strings entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:06",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103012",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-1 acquisition",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28185",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-1 acquisition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103012",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28185",
"datePublished": "2021-04-06T05:02:06.544964Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T22:08:33.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28184 (GCVE-0-2021-28184)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 20:31
Title
ASUS BMC's firmware: buffer overflow - Active Directory configuration function
Summary
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Active Directory configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:05",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103011",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Active Directory configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28184",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Active Directory configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Active Directory configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28184",
"datePublished": "2021-04-06T05:02:05.742701Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T20:31:30.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28182 (GCVE-0-2021-28182)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 21:07
Title
ASUS BMC's firmware: buffer overflow - Web Service configuration function
Summary
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a Buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Service configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:04",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103009",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Web Service configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28182",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Web Service configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Service configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103009",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28182",
"datePublished": "2021-04-06T05:02:04.186378Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T21:07:24.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28183 (GCVE-0-2021-28183)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 03:48
Title
ASUS BMC's firmware: buffer overflow - Web License configuration setting
Summary
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
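| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html | x_refsource_MISC |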
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:04",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103010",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Web License configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28183",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Web License configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103010",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28183",
"datePublished": "2021-04-06T05:02:04.922971Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T03:48:00.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28181 (GCVE-0-2021-28181)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 00:31
Title
ASUS BMC's firmware: buffer overflow - Remote video configuration setting
Summary
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
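| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html | x_refsource_MISC |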
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:03",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103008",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Remote video configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28181",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Remote video configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28181",
"datePublished": "2021-04-06T05:02:03.499261Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T00:31:42.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28179 (GCVE-0-2021-28179)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 01:05
Title
ASUS BMC's firmware: buffer overflow - Media support configuration setting
Summary
The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
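| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html | x_refsource_MISC |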
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:02",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103006",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Media support configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28179",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Media support configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28179",
"datePublished": "2021-04-06T05:02:02.122734Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T01:05:48.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28180 (GCVE-0-2021-28180)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 23:16
Title
ASUS BMC's firmware: buffer overflow - Audit log configuration setting
Summary
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
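| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html | x_refsource_MISC |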
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:02",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103007",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Audit log configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28180",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Audit log configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28180",
"datePublished": "2021-04-06T05:02:02.815119Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T23:16:47.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28178 (GCVE-0-2021-28178)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 17:38
Title
ASUS BMC's firmware: buffer overflow - UEFI configuration function
Summary
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
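| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html | x_refsource_MISC |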
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UEFI configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:01",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103005",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - UEFI configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28178",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - UEFI configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UEFI configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28178",
"datePublished": "2021-04-06T05:02:01.322935Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T17:38:58.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28205 (GCVE-0-2021-28205)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 02:21
Title
ASUS BMC's firmware: path traversal - Delete SOL video file function
Summary
The Delete SOL video file function in the Web management page of ASUS BMC firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
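| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html | x_refsource_MISC |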
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.302Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:22",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103032",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Delete SOL video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28205",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Delete SOL video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103032",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28205",
"datePublished": "2021-04-06T05:02:22.632520Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T02:21:06.092Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28204 (GCVE-0-2021-28204)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 03:38
Title
ASUS BMC's firmware: command injection - Modify user’s information function
Summary
The Modify user’s information function in the Web management page of ASUS BMC firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
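| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html | x_refsource_MISC |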
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.669Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:21",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103031",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: command injection - Modify user\u2019s information function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28204",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: command injection - Modify user\u2019s information function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103031",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28204",
"datePublished": "2021-04-06T05:02:21.835796Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T03:38:49.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28203 (GCVE-0-2021-28203)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 23:51
Title
ASUS BMC's firmware: command injection - Web Set Media Image function
Summary
The Web Set Media Image function in the Web management page of ASUS BMC firmware does not filter a specific parameter. After obtaining administrator permission, remote attackers can use command injection to execute arbitrary commands.
Severity ?
7.2 (High)
CWE
- CWE-78 - OS Command Injection
Assigner
References
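| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html | x_refsource_MISC |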
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Set Media Image function in ASUS BMC\u2019s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 OS Command Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:20",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103030",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: command injection - Web Set Media Image function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28203",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: command injection - Web Set Media Image function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Set Media Image function in ASUS BMC\u2019s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103030",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28203",
"datePublished": "2021-04-06T05:02:20.959775Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T23:51:25.462Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28189 (GCVE-0-2021-28189)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 02:21
Title
ASUS BMC's firmware: buffer overflow - SMTP configuration function
Summary
The SMTP configuration function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
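| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html | x_refsource_MISC |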
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.875Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The SMTP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:09",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103016",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - SMTP configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28189",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - SMTP configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SMTP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103016",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28189",
"datePublished": "2021-04-06T05:02:09.503866Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T02:21:09.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28188 (GCVE-0-2021-28188)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 16:22
Title
ASUS BMC's firmware: buffer overflow - Modify user’s information function
Summary
The Modify user’s information function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, remote attackers can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
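| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html | x_refsource_MISC |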
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:08",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103015",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Modify user\u2019s information function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28188",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Modify user\u2019s information function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4558-ad16e-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103015",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28188",
"datePublished": "2021-04-06T05:02:08.812420Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T16:22:42.826Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28187 (GCVE-0-2021-28187)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 17:03
Title
ASUS BMC's firmware: buffer overflow - Generate new SSL certificate
Summary
The Generate new SSL certificate function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. A remote attacker who has already obtained privileged permission can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
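| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html | x_refsource_MISC |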
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:08",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103014",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Generate new SSL certificate",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28187",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Generate new SSL certificate"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4557-1019f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103014",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28187",
"datePublished": "2021-04-06T05:02:08.095961Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T17:03:45.222Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28186 (GCVE-0-2021-28186)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 23:55
Title
ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition
Summary
The ActiveX configuration-2 acquisition function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. A remote attacker who has already obtained privileged permission can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
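| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html | x_refsource_MISC |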
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:07",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103013",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-2 acquisition",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28186",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-2 acquisition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4556-ece3d-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103013",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28186",
"datePublished": "2021-04-06T05:02:07.331002Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T23:55:35.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28185 (GCVE-0-2021-28185)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 22:08
Title
ASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition
Summary
The ActiveX configuration-1 acquisition function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. A remote attacker who has already obtained privileged permission can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
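| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html | x_refsource_MISC |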
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.204Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:06",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103012",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-1 acquisition",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28185",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - ActiveX configuration-1 acquisition"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4555-3c7c3-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103012",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28185",
"datePublished": "2021-04-06T05:02:06.544964Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T22:08:33.875Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28184 (GCVE-0-2021-28184)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 20:31
Title
ASUS BMC's firmware: buffer overflow - Active Directory configuration function
Summary
The Active Directory configuration function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. A remote attacker who has already obtained privileged permission can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
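| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html | x_refsource_MISC |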
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Active Directory configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:05",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103011",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Active Directory configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28184",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Active Directory configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Active Directory configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4554-10a74-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103011",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28184",
"datePublished": "2021-04-06T05:02:05.742701Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T20:31:30.262Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28182 (GCVE-0-2021-28182)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 21:07
Title
ASUS BMC's firmware: buffer overflow - Web Service configuration function
Summary
The Web Service configuration function in the Web management page of ASUS BMC firmware does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. A remote attacker who has already obtained privileged permission can use this vulnerability to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
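| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html | x_refsource_MISC |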
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Web Service configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:04",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103009",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Web Service configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28182",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Web Service configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Service configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4552-5b2c4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103009",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28182",
"datePublished": "2021-04-06T05:02:04.186378Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T21:07:24.302Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28183 (GCVE-0-2021-28183)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 03:48
Title
ASUS BMC's firmware: buffer overflow - Web License configuration setting
Summary
A function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use the overflow to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:04",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103010",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Web License configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28183",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Web License configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4553-06ae2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103010",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28183",
"datePublished": "2021-04-06T05:02:04.922971Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T03:48:00.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28181 (GCVE-0-2021-28181)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 00:31
Title
ASUS BMC's firmware: buffer overflow - Remote video configuration setting
Summary
A function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use the overflow to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:03",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103008",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Remote video configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28181",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Remote video configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4551-5dd2f-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28181",
"datePublished": "2021-04-06T05:02:03.499261Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T00:31:42.608Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28179 (GCVE-0-2021-28179)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 01:05
Title
ASUS BMC's firmware: buffer overflow - Media support configuration setting
Summary
A function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use the overflow to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.296Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:02",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103006",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Media support configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28179",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Media support configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4549-c97ba-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28179",
"datePublished": "2021-04-06T05:02:02.122734Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T01:05:48.147Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28180 (GCVE-0-2021-28180)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 23:16
Title
ASUS BMC's firmware: buffer overflow - Audit log configuration setting
Summary
A function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use the overflow to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.215Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:02",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103007",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Audit log configuration setting",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28180",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Audit log configuration setting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4550-5ee8c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28180",
"datePublished": "2021-04-06T05:02:02.815119Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T23:16:47.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28178 (GCVE-0-2021-28178)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 17:38
Title
ASUS BMC's firmware: buffer overflow - UEFI configuration function
Summary
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the length of strings entered by users, resulting in a buffer overflow vulnerability. After obtaining privileged permission, a remote attacker can use the overflow to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| ASUS | BMC firmware for Z10PR-D16 | Affected: 1.14.51 |
| ASUS | BMC firmware for ASMB8-iKVM | Affected: 1.14.51 |
| ASUS | BMC firmware for Z10PE-D16 WS | Affected: 1.14.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.308Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for Z10PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for ASMB8-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.51"
}
]
},
{
"product": "BMC firmware for Z10PE-D16 WS",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The UEFI configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:01",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103005",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - UEFI configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28178",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - UEFI configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for Z10PR-D16",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for ASMB8-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.51"
}
]
}
},
{
"product_name": "BMC firmware for Z10PE-D16 WS",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.14.2"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UEFI configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4548-7a2c6-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"
}
],
"source": {
"advisory": "TVN-202103005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28178",
"datePublished": "2021-04-06T05:02:01.322935Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T17:38:58.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}