Search criteria
51 vulnerabilities found for rs100-e10-pi2_firmware by asus
FKIE_CVE-2021-28208
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Obtiene la funci\u00f3n de archivo de video) no filtra el par\u00e1metro specific.\u0026#xa0;Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema"
}
],
"id": "CVE-2021-28208",
"lastModified": "2024-11-21T05:59:21.967",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:17.393",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28206
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Graba la funci\u00f3n de archivo de video) no filtra el par\u00e1metro specific.\u0026#xa0;Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema"
}
],
"id": "CVE-2021-28206",
"lastModified": "2024-11-21T05:59:21.570",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:17.237",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28207
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Obtiene la funci\u00f3n de archivo Help) no filtra el par\u00e1metro specific.\u0026#xa0;Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a los archivos del sistema"
}
],
"id": "CVE-2021-28207",
"lastModified": "2024-11-21T05:59:21.760",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:17.333",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28209
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Borra la funci\u00f3n de archivo de video) no filtra el par\u00e1metro specific.\u0026#xa0;Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema"
}
],
"id": "CVE-2021-28209",
"lastModified": "2024-11-21T05:59:22.177",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:17.473",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28202
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Service configuration-2 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n 2 del Servicio en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28202",
"lastModified": "2024-11-21T05:59:20.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.847",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28199
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Modify user\u2019s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Modifica la funci\u00f3n de informaci\u00f3n del usuario) no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28199",
"lastModified": "2024-11-21T05:59:20.350",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.583",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4569-6b391-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4569-6b391-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28200
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The CD media configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n multimedia CD en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28200",
"lastModified": "2024-11-21T05:59:20.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.660",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28193
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The SMTP configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n de SMTP en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28193",
"lastModified": "2024-11-21T05:59:18.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.067",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4563-e4092-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4563-e4092-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28201
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Service configuration-1 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n 1 del Servicio en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer. Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28201",
"lastModified": "2024-11-21T05:59:20.763",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.737",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28194
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (ajuste de configuraci\u00f3n de imagen remota) no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28194",
"lastModified": "2024-11-21T05:59:18.410",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.143",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4564-7ef3d-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4564-7ef3d-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28196
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Genera la funci\u00f3n del certificado SSL) no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28196",
"lastModified": "2024-11-21T05:59:18.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.333",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4566-9154b-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4566-9154b-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28197
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Active Directory configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n de Active Directory en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28197",
"lastModified": "2024-11-21T05:59:19.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.427",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4567-34350-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28195
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Radius configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n de Radius en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28195",
"lastModified": "2024-11-21T05:59:18.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.223",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4565-59c97-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4565-59c97-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28198
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Firmware protocol configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de configuraci\u00f3n de protocolo del Firmware en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28198",
"lastModified": "2024-11-21T05:59:20.143",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:16.503",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4568-627f7-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4568-627f7-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28191
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Firmware update function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n de actualizaci\u00f3n de Firmware en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28191",
"lastModified": "2024-11-21T05:59:17.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:15.880",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4561-062d0-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4561-062d0-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28190
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Genera una nueva funci\u00f3n de certificado) no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28190",
"lastModified": "2024-11-21T05:59:17.637",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:15.800",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4560-2f01f-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4560-2f01f-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-28192
Vulnerability from fkie_nvd - Published: 2021-04-06 05:15 - Updated: 2024-11-21 05:59
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Summary
The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40A54A0A-77FA-4A52-8B6C-27037BC8B49A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8403F521-6213-455E-B7EE-BA6979DCECE0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6DA68530-98FD-422C-AFED-F4A8D51A18FC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4210DAC9-9728-4235-A2A6-4BE1673A3087",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "01DEDE99-AABB-4B29-A7E8-FA88CCB64E08",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D1897CBA-FD13-4289-AC42-DE2644BB6607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CF24B07-D05B-48CF-8778-DBA503D824A7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C616EB3-7257-4A4B-93D2-77020DAC7D34",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "377A6E37-7B30-4460-B51F-99FCD572266C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "39FA5F21-3500-454A-AF5E-809A0C9E1CD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12A33A3C-19C5-456C-B25F-18C706611853",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2C79FC84-D468-4056-BCB6-789C6DFED310",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17455F9-1D00-4510-A79A-6BDDBB6F1B52",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B3B8C7C6-88CB-4A50-A0CE-69B8157774CE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FA81076-C066-4F9A-B6DD-89C0A1E87007",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AC487249-AEF5-412C-B1E7-F68119C154C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE0FF60-E688-46C4-8CEE-569C2273BA77",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D6CF74-1AEE-4616-8098-AF286859CD4C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB4E233-E97F-4E9E-89AF-FC27E10419CB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "315EF6C1-97EF-4939-9DE1-03FC3668DDD9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D53B32DC-D011-44BB-AA62-CCCC1643BD0B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC22D5D-87E1-418C-99C8-A25BECC964E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC848711-32AF-462E-A06F-60BB7E1D33BC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c422_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c422_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "77921CC6-3F8D-4408-AED2-009CBD39B7E7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_x299_pro\\/se_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C269611C-67CB-403F-BE35-E723AF0ED0F9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_x299_pro\\/se:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-u12\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "690FF817-248D-4978-BDBD-8039586F7AB9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-u12\\/10g-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA33288B-ECEF-4068-B501-E9ADD2B19F7A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*",
"matchCriteriaId": "E15C09F1-E09B-437E-980E-A13D05A68C70",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF0A76CD-3932-4233-BFD7-661363938859",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5062001F-935D-4FE5-831D-C5113DA1D2DE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C233178A-7C83-4753-9ED8-325D79111FDD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4E9BA009-703C-4F9F-91FD-601CE4355C30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C896942-DE33-4134-B2F6-25DF85EC8D4D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "64831F59-CE1E-4546-8A39-9FA45F8E0563",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C935BA3-7F5B-4D6E-BF5B-14E028236CB8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "07E73697-10BD-49B1-AC1B-B44FEFFEF631",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "96F0C227-097C-4BE5-BBCA-349914CF7BC8",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E9D8BF26-2263-4077-A831-11719C7C20C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "648DAD72-3535-43C1-A44E-EEC9102690B6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F85E29D2-55B6-4EBB-80F7-1429752C74FB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3FF951D-A07D-465D-BEF8-44359445D66E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B8F86A9-542D-424D-B539-E841A1CF6657",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "32A1DF9A-944A-4CDB-A784-0F894C5A0C54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC2F649-A059-4AED-8463-5E1B3EA312E2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC616DB9-EA78-466C-8B33-D1ECE36D7861",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB6AD8E-7D3D-46A3-8919-339095DE5848",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "45A849AB-C3E4-4E77-9A65-4D9F08ACA155",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FB6CF829-87F0-4351-8F26-D09277A53FA9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "34E98952-7995-4FE6-BFE5-9C11AC99CD6D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0ECC375-C875-467B-BF98-57E2AEEE10DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9386AD14-6121-4E68-86D2-C78128BE6C55",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27300D49-3E43-469F-9B1A-A9CC9A03853C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F81AC089-04F7-4199-82CE-28DE60C6FC53",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "853F7236-2636-4CC5-8F09-A8FEA127EB3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3CCFD494-6259-470A-B646-8CDD0CBB4540",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:esc8000_g4\\/10g_firmware:1.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E23F2DA0-453A-4F62-9C21-A5A7606D99E5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:esc8000_g4\\/10g:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4AD933F6-B839-4B26-AA9A-0382FDC8F65C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EDBC4899-D7AC-4DCC-A324-A41DC1605FD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C332F85-C27F-4DBA-A681-EBDC07193905",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "571D5376-2F83-4285-970A-337E30F7D513",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C584935A-9088-4EA5-850A-61B5741A6317",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2029BD82-2142-4BAA-9220-D22B1A526A5A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "05CE886A-53E2-4E7B-831B-847D78E91FDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "543BB762-76C9-41FB-A503-B67006E0313B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D0726ED-4CFC-4D58-93C1-E1250A76AE13",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FA41003D-2891-4B7F-B29C-C4863376FD30",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "549BC8D5-BFEC-431B-80CE-EDA1EF73A515",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CB631682-03BC-4880-9E22-D65F29E81EE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5814D41F-0C3F-4DDA-91F0-0225C93B1C52",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A9D9D22-7280-4D07-9870-9EA042C46E36",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8884EA18-4106-4841-ACA5-C317D004AA22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E543339C-03F9-46F3-9B33-AB1BDB827989",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5866377B-3F1A-4AFF-9BAE-AF495A3BE35E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
},
{
"lang": "es",
"value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Funci\u00f3n de almacenamiento de video remoto) no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del b\u00fafer.\u0026#xa0;Al obtener el permiso privilegiado, los atacantes remotos usan la filtraci\u00f3n para finalizar anormalmente el servicio Web"
}
],
"id": "CVE-2021-28192",
"lastModified": "2024-11-21T05:59:18.017",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-06T05:15:15.957",
"references": [
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "twcert@cert.org.tw",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4562-4b207-1.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4562-4b207-1.html"
}
],
"sourceIdentifier": "twcert@cert.org.tw",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "twcert@cert.org.tw",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-28209 (GCVE-0-2021-28209)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 16:58
VLAI?
Title
ASUS BMC's firmware: path traversal - Delete video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:25",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103036",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Delete video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28209",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Delete video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103036",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28209",
"datePublished": "2021-04-06T05:02:25.860876Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T16:58:26.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28208 (GCVE-0-2021-28208)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 22:19
VLAI?
Title
ASUS BMC's firmware: path traversal - Get video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:24",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103035",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Get video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28208",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Get video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103035",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28208",
"datePublished": "2021-04-06T05:02:25.088577Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T22:19:36.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28207 (GCVE-0-2021-28207)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 20:53
VLAI?
Title
ASUS BMC's firmware: path traversal - Get Help file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:24",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103034",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Get Help file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28207",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Get Help file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103034",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28207",
"datePublished": "2021-04-06T05:02:24.218556Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T20:53:18.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28206 (GCVE-0-2021-28206)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 20:26
VLAI?
Title
ASUS BMC's firmware: path traversal - Record video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:23",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103033",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Record video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28206",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Record video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103033",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28206",
"datePublished": "2021-04-06T05:02:23.403467Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T20:26:15.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28202 (GCVE-0-2021-28202)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 02:12
VLAI?
Title
ASUS BMC's firmware: buffer overflow - Service configuration-2 function
Summary
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Service configuration-2 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:20",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103029",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-2 function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28202",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-2 function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Service configuration-2 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103029",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28202",
"datePublished": "2021-04-06T05:02:20.160097Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T02:12:15.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28201 (GCVE-0-2021-28201)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-17 01:31
VLAI?
Title
ASUS BMC's firmware: buffer overflow - Service configuration-1 function
Summary
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Service configuration-1 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:19",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103028",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-1 function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28201",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-1 function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Service configuration-1 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103028",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28201",
"datePublished": "2021-04-06T05:02:19.279337Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T01:31:19.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28200 (GCVE-0-2021-28200)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 16:48
VLAI?
Title
ASUS BMC's firmware: buffer overflow - CD media configuration function
Summary
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.953Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CD media configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:18",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103027",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - CD media configuration function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28200",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - CD media configuration function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CD media configuration function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103027",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28200",
"datePublished": "2021-04-06T05:02:18.362839Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T16:48:30.923Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28209 (GCVE-0-2021-28209)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 16:58
VLAI?
Title
ASUS BMC's firmware: path traversal - Delete video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:25",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103036",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Delete video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28209",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Delete video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103036",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28209",
"datePublished": "2021-04-06T05:02:25.860876Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T16:58:26.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28208 (GCVE-0-2021-28208)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 22:19
VLAI?
Title
ASUS BMC's firmware: path traversal - Get video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:24",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103035",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Get video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28208",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Get video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103035",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28208",
"datePublished": "2021-04-06T05:02:25.088577Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T22:19:36.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28207 (GCVE-0-2021-28207)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 20:53
VLAI?
Title
ASUS BMC's firmware: path traversal - Get Help file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.874Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:24",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103034",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Get Help file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28207",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Get Help file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103034",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28207",
"datePublished": "2021-04-06T05:02:24.218556Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T20:53:18.242Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28206 (GCVE-0-2021-28206)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-16 20:26
VLAI?
Title
ASUS BMC's firmware: path traversal - Record video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity ?
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.066Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:23",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103033",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Record video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28206",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Record video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103033",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28206",
"datePublished": "2021-04-06T05:02:23.403467Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-16T20:26:15.698Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28202 (GCVE-0-2021-28202)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 02:12
VLAI?
Title
ASUS BMC's firmware: buffer overflow - Service configuration-2 function
Summary
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:14.013Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Service configuration-2 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:20",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103029",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-2 function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28202",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-2 function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Service configuration-2 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103029",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28202",
"datePublished": "2021-04-06T05:02:20.160097Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T02:12:15.278Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-28201 (GCVE-0-2021-28201)
Vulnerability from nvd – Published: 2021-04-06 05:02 – Updated: 2024-09-17 01:31
VLAI?
Title
ASUS BMC's firmware: buffer overflow - Service configuration-1 function
Summary
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Severity ?
4.9 (Medium)
CWE
- CWE-120 - Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM |
Affected:
1.11.12
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:13.737Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Service configuration-1 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:19",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103028",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-1 function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28201",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: buffer overflow - Service configuration-1 function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Service configuration-1 function in ASUS BMC\u2019s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120 Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103028",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28201",
"datePublished": "2021-04-06T05:02:19.279337Z",
"dateReserved": "2021-03-12T00:00:00",
"dateUpdated": "2024-09-17T01:31:19.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}