CVE-2021-28195

Summary

The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

Affected Software

VendorProductVersion RangeStatus
ASUSBMC firmware for ASMB9-iKVM1.11.12affected
ASUSBMC firmware for RS720A-E9-RS24-E1.10.3affected
ASUSBMC firmware for RS700A-E9-RS41.10.0affected
ASUSBMC firmware for RS700-E9-RS41.09affected
ASUSBMC firmware for ESC4000 G4X1.11.6affected
ASUSBMC firmware for RS700-E9-RS121.11.5affected
ASUSBMC firmware for RS100-E10-PI21.13.6affected
ASUSBMC firmware for RS300-E10-PS41.13.6affected
ASUSBMC firmware for RS300-E10-RS41.13.6affected
ASUSBMC firmware for RS500A-E9-PS41.14.1affected
ASUSBMC firmware for RS500A-E9-RS41.14.1affected
ASUSBMC firmware for RS500A-E9 RS41.14.1affected
ASUSBMC firmware for E700 G41.14.1affected
ASUSBMC firmware for WS C422 PRO/SE1.14.1affected
ASUSBMC firmware for WS X299 PRO/SE1.14.1affected
ASUSBMC firmware for Z11PA-U121.15.1affected
ASUSBMC firmware for Z11PA-U12/10G-2S1.15.1affected
ASUSBMC firmware for KNPA-U161.13.4affected
ASUSBMC firmware for ESC4000 DHD G41.13.7affected
ASUSBMC firmware for ESC4000 G41.15.2affected
ASUSBMC firmware for RS720Q-E9-RS24-S1.15.0affected
ASUSBMC firmware for RS720Q-E9-RS81.15.0affected
ASUSBMC firmware for RS720Q-E9-RS8-S1.15.0affected
ASUSBMC firmware for Z11PA-D81.14.1affected
ASUSBMC firmware for Z11PA-D8C1.14.1affected
ASUSBMC firmware for RS720-E9-RS24-U1.14.3affected
ASUSBMC firmware for RS720-E9-RS8-G1.15.2affected
ASUSBMC firmware for RS500-E9-PS41.15.4affected
ASUSBMC firmware for Pro E800 G41.14.2affected
ASUSBMC firmware for RS500-E9-RS41.15.4affected
ASUSBMC firmware for RS500-E9-RS4-U1.15.4affected
ASUSBMC firmware for RS520-E9-RS12-E1.15.3affected
ASUSBMC firmware for RS520-E9-RS81.15.3affected
ASUSBMC firmware for ESC8000 G41.15.4affected
ASUSBMC firmware for ESC8000 G4/10G1.15.4affected
ASUSBMC firmware for RS720-E9-RS12-E1.15.2affected
ASUSBMC firmware for WS C621E SAGE1.15.1affected
ASUSBMC firmware for RS500A-E10-PS41.15.2affected
ASUSBMC firmware for RS500A-E10-RS41.15.2affected
ASUSBMC firmware for RS700A-E9-RS12V21.15.1affected
ASUSBMC firmware for RS700A-E9-RS4V21.15.1affected
ASUSBMC firmware for RS720A-E9-RS12V21.15.2affected
ASUSBMC firmware for RS720A-E9-RS24V21.15.1affected
ASUSBMC firmware for Z11PR-D161.15.3affected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

References