CVE-2021-28198 : The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string len

The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Published 2021-04-06 05:15:17

Updated 2021-04-13 19:33:57

Source TWCERT/CC

View at NVD, CVE.org

Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2021-28198

Probability of exploitation activity in the next 30 days: 0.35%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 68 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-28198

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:N/A:P	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	1.2	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
4.9	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H	1.2	3.6	TWCERT/CC
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2021-28198

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
Assigned by:
- nvd@nist.gov (Primary)
- twcert@cert.org.tw (Secondary)

References for CVE-2021-28198

https://www.twcert.org.tw/tw/cp-132-4568-627f7-1.html

TWCERT/CC台灣電腦網路危機處理暨協調中心-ASUS BMC's firmware: buffer overflow - 設定韌體協定配置
Third Party Advisory
https://www.asus.com/tw/support/callus/

官方支援 | ASUS 台灣
Vendor Advisory

CVEs referencing this url
https://www.asus.com/content/ASUS-Product-Security-Advisory/

ASUS Product Security Advisory | ASUS Global
Vendor Advisory

CVEs referencing this url

Products affected by CVE-2021-28198

Asus » Asmb9-ikvm Firmware » Version: 1.11.12
cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Asmb9-ikvm » Version: N/A
Asus » Rs720a-e9-rs24-e Firmware » Version: 1.10.3
cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720a-e9-rs24-e » Version: N/A
Asus » Rs700a-e9-rs4 Firmware » Version: 1.10.0
cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs700a-e9-rs4 » Version: N/A
Asus » Rs700-e9-rs4 Firmware » Version: 1.09
cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs700-e9-rs4 » Version: N/A
Asus » Esc4000 G4x Firmware » Version: 1.11.6
cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Esc4000 G4x » Version: N/A
Asus » Rs700-e9-rs12 Firmware » Version: 1.11.5
cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs700-e9-rs12 » Version: N/A
Asus » Rs100-e10-pi2 Firmware » Version: 1.13.6
cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs100-e10-pi2 » Version: N/A
Asus » Rs300-e10-ps4 Firmware » Version: 1.13.6
cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs300-e10-ps4 » Version: N/A
Asus » Rs300-e10-rs4 Firmware » Version: 1.13.6
cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs300-e10-rs4 » Version: N/A
Asus » Rs500a-e9-ps4 Firmware » Version: 1.14.1
cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500a-e9-ps4 » Version: N/A
Asus » Rs500a-e9-rs4 Firmware » Version: 1.14.1
cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500a-e9-rs4 » Version: N/A
Asus » Rs500a-e9 Rs4 U Firmware » Version: 1.14.1
cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500a-e9 Rs4 U » Version: N/A
Asus » E700 G4 Firmware » Version: 1.14.1
cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » E700 G4 » Version: N/A
Asus » Ws C422 Pro/se Firmware » Version: 1.14.1
cpe:2.3:o:asus:ws_c422_pro\/se_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Ws C422 Pro/se » Version: N/A
Asus » Ws X299 Pro/se Firmware » Version: 1.14.1
cpe:2.3:o:asus:ws_x299_pro\/se_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Ws X299 Pro/se » Version: N/A
Asus » Z11pa-u12 Firmware » Version: 1.15.1
cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Z11pa-u12 » Version: N/A
Asus » Z11pa-u12/10g-2s Firmware » Version: 1.15.1
cpe:2.3:o:asus:z11pa-u12\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Z11pa-u12/10g-2s » Version: N/A
Asus » Knpa-u16 Firmware » Version: 1.13.4
cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Knpa-u16 » Version: N/A
Asus » Esc4000 Dhd G4 Firmware » Version: 1.13.7
cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Esc4000 Dhd G4 » Version: N/A
Asus » Esc4000 G4 Firmware » Version: 1.15.2
cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Esc4000 G4 » Version: N/A
Asus » Rs720q-e9-rs24-s Firmware » Version: 1.15.0
cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720q-e9-rs24-s » Version: N/A
Asus » Rs720q-e9-rs8 Firmware » Version: 1.15.0
cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720q-e9-rs8 » Version: N/A
Asus » Rs720q-e9-rs8-s Firmware » Version: 1.15.0
cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720q-e9-rs8-s » Version: N/A
Asus » Z11pa-d8 Firmware » Version: 1.14.1
cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Z11pa-d8 » Version: N/A
Asus » Z11pa-d8c Firmware » Version: 1.14.1
cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Z11pa-d8c » Version: N/A
Asus » Rs720-e9-rs24-u Firmware » Version: 1.14.3
cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720-e9-rs24-u » Version: N/A
Asus » Rs720-e9-rs8-g Firmware » Version: 1.15.2
cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720-e9-rs8-g » Version: N/A
Asus » Rs500-e9-ps4 Firmware » Version: 1.15.4
cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500-e9-ps4 » Version: N/A
Asus » Pro E800 G4 Firmware » Version: 1.14.2
cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Pro E800 G4 » Version: N/A
Asus » Rs500-e9-rs4 Firmware » Version: 1.15.4
cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500-e9-rs4 » Version: N/A
Asus » Rs500-e9-rs4-u Firmware » Version: 1.15.4
cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500-e9-rs4-u » Version: N/A
Asus » Rs520-e9-rs12-e Firmware » Version: 1.15.3
cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs520-e9-rs12-e » Version: N/A
Asus » Rs520-e9-rs8 Firmware » Version: 1.15.3
cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs520-e9-rs8 » Version: N/A
Asus » Esc8000 G4 Firmware » Version: 1.15.4
cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Esc8000 G4 » Version: N/A
Asus » Esc8000 G4/10g Firmware » Version: 1.15.4
cpe:2.3:o:asus:esc8000_g4\/10g_firmware:1.15.4:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Esc8000 G4/10g » Version: N/A
Asus » Rs720-e9-rs12-e Firmware » Version: 1.15.2
cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720-e9-rs12-e » Version: N/A
Asus » Ws C621e Sage Firmware » Version: 1.15.1
cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Ws C621e Sage » Version: N/A
Asus » Rs500a-e10-ps4 Firmware » Version: 1.15.2
cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500a-e10-ps4 » Version: N/A
Asus » Rs500a-e10-rs4 Firmware » Version: 1.15.2
cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs500a-e10-rs4 » Version: N/A
Asus » Rs700a-e9-rs12v2 Firmware » Version: 1.15.1
cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs700a-e9-rs12v2 » Version: N/A
Asus » Rs700a-e9-rs4v2 Firmware » Version: 1.15.1
cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs700a-e9-rs4v2 » Version: N/A
Asus » Rs720a-e9-rs12v2 Firmware » Version: 1.15.2
cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720a-e9-rs12v2 » Version: N/A
Asus » Rs720a-e9-rs24v2 Firmware » Version: 1.15.1
cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Rs720a-e9-rs24v2 » Version: N/A
Asus » Z11pr-d16 Firmware » Version: 1.15.3
cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*
Matching versions
When used together with: Asus » Z11pr-d16 » Version: N/A

Vulnerability Details : CVE-2021-28198

Exploit prediction scoring system (EPSS) score for CVE-2021-28198

CVSS scores for CVE-2021-28198

CWE ids for CVE-2021-28198

References for CVE-2021-28198

Products affected by CVE-2021-28198