Vulnerability Details CVE-2021-28193
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4563-e4092-1.html
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4563-e4092-1.html
Products affected by CVE-2021-28193
-
cpe:2.3:h:asus:asmb9-ikvm:-
-
cpe:2.3:h:asus:e700_g4:-
-
cpe:2.3:h:asus:esc4000_dhd_g4:-
-
cpe:2.3:h:asus:esc4000_g4:-
-
cpe:2.3:h:asus:esc4000_g4x:-
-
cpe:2.3:h:asus:esc8000_g4/10g:-
-
cpe:2.3:h:asus:esc8000_g4:-
-
cpe:2.3:h:asus:knpa-u16:-
-
cpe:2.3:h:asus:pro_e800_g4:-
-
cpe:2.3:h:asus:rs100-e10-pi2:-
-
cpe:2.3:h:asus:rs300-e10-ps4:-
-
cpe:2.3:h:asus:rs300-e10-rs4:-
-
cpe:2.3:h:asus:rs500-e9-ps4:-
-
cpe:2.3:h:asus:rs500-e9-rs4-u:-
-
cpe:2.3:h:asus:rs500-e9-rs4:-
-
cpe:2.3:h:asus:rs500a-e10-ps4:-
-
cpe:2.3:h:asus:rs500a-e10-rs4:-
-
cpe:2.3:h:asus:rs500a-e9-ps4:-
-
cpe:2.3:h:asus:rs500a-e9-rs4:-
-
cpe:2.3:h:asus:rs500a-e9_rs4_u:-
-
cpe:2.3:h:asus:rs520-e9-rs12-e:-
-
cpe:2.3:h:asus:rs520-e9-rs8:-
-
cpe:2.3:h:asus:rs700-e9-rs12:-
-
cpe:2.3:h:asus:rs700-e9-rs4:-
-
cpe:2.3:h:asus:rs700a-e9-rs12v2:-
-
cpe:2.3:h:asus:rs700a-e9-rs4:-
-
cpe:2.3:h:asus:rs700a-e9-rs4v2:-
-
cpe:2.3:h:asus:rs720-e9-rs12-e:-
-
cpe:2.3:h:asus:rs720-e9-rs24-u:-
-
cpe:2.3:h:asus:rs720-e9-rs8-g:-
-
cpe:2.3:h:asus:rs720a-e9-rs12v2:-
-
cpe:2.3:h:asus:rs720a-e9-rs24-e:-
-
cpe:2.3:h:asus:rs720a-e9-rs24v2:-
-
cpe:2.3:h:asus:rs720q-e9-rs24-s:-
-
cpe:2.3:h:asus:rs720q-e9-rs8-s:-
-
cpe:2.3:h:asus:rs720q-e9-rs8:-
-
cpe:2.3:h:asus:ws_c422_pro/se:-
-
cpe:2.3:h:asus:ws_c621e_sage:-
-
cpe:2.3:h:asus:ws_x299_pro/se:-
-
cpe:2.3:h:asus:z11pa-d8:-
-
cpe:2.3:h:asus:z11pa-d8c:-
-
cpe:2.3:h:asus:z11pa-u12/10g-2s:-
-
cpe:2.3:h:asus:z11pa-u12:-
-
cpe:2.3:h:asus:z11pr-d16:-
-
cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12
-
cpe:2.3:o:asus:e700_g4_firmware:1.14.1
-
cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7
-
cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2
-
cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6
-
cpe:2.3:o:asus:esc8000_g4/10g_firmware:1.15.4
-
cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4
-
cpe:2.3:o:asus:knpa-u16_firmware:1.13.4
-
cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2
-
cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6
-
cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6
-
cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6
-
cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4
-
cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4
-
cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4
-
cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2
-
cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2
-
cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1
-
cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1
-
cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1
-
cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3
-
cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3
-
cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5
-
cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09
-
cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0
-
cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2
-
cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3
-
cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2
-
cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2
-
cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3
-
cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0
-
cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0
-
cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0
-
cpe:2.3:o:asus:ws_c422_pro/se_firmware:1.14.1
-
cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1
-
cpe:2.3:o:asus:ws_x299_pro/se_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-u12/10g-2s_firmware:1.15.1
-
cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1
-
cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3