Vulnerability Details CVE-2021-28196
The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 69.8%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4566-9154b-1.html
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4566-9154b-1.html
Products affected by CVE-2021-28196
-
cpe:2.3:h:asus:asmb9-ikvm:-
-
cpe:2.3:h:asus:e700_g4:-
-
cpe:2.3:h:asus:esc4000_dhd_g4:-
-
cpe:2.3:h:asus:esc4000_g4:-
-
cpe:2.3:h:asus:esc4000_g4x:-
-
cpe:2.3:h:asus:esc8000_g4/10g:-
-
cpe:2.3:h:asus:esc8000_g4:-
-
cpe:2.3:h:asus:knpa-u16:-
-
cpe:2.3:h:asus:pro_e800_g4:-
-
cpe:2.3:h:asus:rs100-e10-pi2:-
-
cpe:2.3:h:asus:rs300-e10-ps4:-
-
cpe:2.3:h:asus:rs300-e10-rs4:-
-
cpe:2.3:h:asus:rs500-e9-ps4:-
-
cpe:2.3:h:asus:rs500-e9-rs4-u:-
-
cpe:2.3:h:asus:rs500-e9-rs4:-
-
cpe:2.3:h:asus:rs500a-e10-ps4:-
-
cpe:2.3:h:asus:rs500a-e10-rs4:-
-
cpe:2.3:h:asus:rs500a-e9-ps4:-
-
cpe:2.3:h:asus:rs500a-e9-rs4:-
-
cpe:2.3:h:asus:rs500a-e9_rs4_u:-
-
cpe:2.3:h:asus:rs520-e9-rs12-e:-
-
cpe:2.3:h:asus:rs520-e9-rs8:-
-
cpe:2.3:h:asus:rs700-e9-rs12:-
-
cpe:2.3:h:asus:rs700-e9-rs4:-
-
cpe:2.3:h:asus:rs700a-e9-rs12v2:-
-
cpe:2.3:h:asus:rs700a-e9-rs4:-
-
cpe:2.3:h:asus:rs700a-e9-rs4v2:-
-
cpe:2.3:h:asus:rs720-e9-rs12-e:-
-
cpe:2.3:h:asus:rs720-e9-rs24-u:-
-
cpe:2.3:h:asus:rs720-e9-rs8-g:-
-
cpe:2.3:h:asus:rs720a-e9-rs12v2:-
-
cpe:2.3:h:asus:rs720a-e9-rs24-e:-
-
cpe:2.3:h:asus:rs720a-e9-rs24v2:-
-
cpe:2.3:h:asus:rs720q-e9-rs24-s:-
-
cpe:2.3:h:asus:rs720q-e9-rs8-s:-
-
cpe:2.3:h:asus:rs720q-e9-rs8:-
-
cpe:2.3:h:asus:ws_c422_pro/se:-
-
cpe:2.3:h:asus:ws_c621e_sage:-
-
cpe:2.3:h:asus:ws_x299_pro/se:-
-
cpe:2.3:h:asus:z11pa-d8:-
-
cpe:2.3:h:asus:z11pa-d8c:-
-
cpe:2.3:h:asus:z11pa-u12/10g-2s:-
-
cpe:2.3:h:asus:z11pa-u12:-
-
cpe:2.3:h:asus:z11pr-d16:-
-
cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12
-
cpe:2.3:o:asus:e700_g4_firmware:1.14.1
-
cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7
-
cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2
-
cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6
-
cpe:2.3:o:asus:esc8000_g4/10g_firmware:1.15.4
-
cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4
-
cpe:2.3:o:asus:knpa-u16_firmware:1.13.4
-
cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2
-
cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6
-
cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6
-
cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6
-
cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4
-
cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4
-
cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4
-
cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2
-
cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2
-
cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1
-
cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1
-
cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1
-
cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3
-
cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3
-
cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5
-
cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09
-
cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0
-
cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2
-
cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3
-
cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2
-
cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2
-
cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3
-
cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0
-
cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0
-
cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0
-
cpe:2.3:o:asus:ws_c422_pro/se_firmware:1.14.1
-
cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1
-
cpe:2.3:o:asus:ws_x299_pro/se_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-u12/10g-2s_firmware:1.15.1
-
cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1
-
cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3