CVE-2021-28200
moderate-risk
Published 2021-04-06
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Do I need to act?
-
0.87% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10
Medium
NETWORK
/ LOW complexity
Affected Products (20)
Asmb9-Ikvm Firmware
Rs720A-E9-Rs24-E Firmware
Rs700A-E9-Rs4 Firmware
Rs700-E9-Rs4 Firmware
Esc4000 G4X Firmware
Rs700-E9-Rs12 Firmware
Rs100-E10-Pi2 Firmware
Rs300-E10-Ps4 Firmware
Rs300-E10-Rs4 Firmware
Rs500A-E9-Ps4 Firmware
Rs500A-E9-Rs4 Firmware
Rs500A-E9 Rs4 U Firmware
E700 G4 Firmware
Ws C422 Pro\/Se Firmware
Ws X299 Pro\/Se Firmware
Z11Pa-U12 Firmware
Z11Pa-U12\/10G-2S Firmware
Knpa-U16 Firmware
Esc4000 Dhd G4 Firmware
Esc4000 G4 Firmware
Affected Vendors
References (6)
Vendor Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
Vendor Advisory
https://www.asus.com/tw/support/callus/
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html
Vendor Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
Vendor Advisory
https://www.asus.com/tw/support/callus/
Third Party Advisory
https://www.twcert.org.tw/tw/cp-132-4570-4d216-1.html
48
/ 100
moderate-risk
Severity
20/34 · Moderate
Exploitability
3/34 · Minimal
Exposure
25/34 · High