CVE-2021-28194: ASUS BMC Firmware Security Feature Issue Vulnerability

CVSS 4.9 · Medium EPSS 0.87% · P75

I. Basic Information for CVE-2021-28194

Vulnerability Information

Vulnerability Title
ASUS BMC's firmware: buffer overflow - Remote image configuration setting
Source: NVD (National Vulnerability Database)
Vulnerability Description
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
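Source: NVD (National Vulnerability Database)
Vulnerability Type
Buffer Copy without Checking Size of Input (Classic Buffer Overflow)
Source: NVD (National Vulnerability Database)
Vulnerability Title
ASUS BMC Firmware Security Feature Issue Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
ASUS BMC Firmware is firmware from ASUS, a Chinese company. The ASUS BMC firmware Web management page has a security feature issue vulnerability. The vulnerability stems from a specific function not validating the length of strings entered by users, resulting in a buffer overflow vulnerability. Remote attackers can exploit this vulnerability, using the leakage, to abnormally terminate the Web service.
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)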

Affected Products

| Vendor | Product | Affected Version | CPE |
| --- | --- | --- | --- |
| ASUS | BMC firmware for ASMB9-iKVM | 1.11.12 | - |
| ASUS | BMC firmware for RS720A-E9-RS24-E | 1.10.3 | - |
| ASUS | BMC firmware for RS700A-E9-RS4 | 1.10.0 | - |
| ASUS | BMC firmware for RS700-E9-RS4 | 1.09 | - |
| ASUS | BMC firmware for ESC4000 G4X | 1.11.6 | - |
| ASUS | BMC firmware for RS700-E9-RS12 | 1.11.5 | - |
| ASUS | BMC firmware for RS100-E10-PI2 | 1.13.6 | - |
| ASUS | BMC firmware for RS300-E10-PS4 | 1.13.6 | - |
| ASUS | BMC firmware for RS300-E10-RS4 | 1.13.6 | - |
| ASUS | BMC firmware for RS500A-E9-PS4 | 1.14.1 | - |
| ASUS | BMC firmware for RS500A-E9-RS4 | 1.14.1 | - |
| ASUS | BMC firmware for RS500A-E9 RS4 | 1.14.1 | - |
| ASUS | BMC firmware for E700 G4 | 1.14.1 | - |
| ASUS | BMC firmware for WS C422 PRO/SE | 1.14.1 | - |
| ASUS | BMC firmware for WS X299 PRO/SE | 1.14.1 | - |
| ASUS | BMC firmware for Z11PA-U12 | 1.15.1 | - |
| ASUS | BMC firmware for Z11PA-U12/10G-2S | 1.15.1 | - |
| ASUS | BMC firmware for KNPA-U16 | 1.13.4 | - |
| ASUS | BMC firmware for ESC4000 DHD G4 | 1.13.7 | - |
| ASUS | BMC firmware for ESC4000 G4 | 1.15.2 | - |
| ASUS | BMC firmware for RS720Q-E9-RS24-S | 1.15.0 | - |
| ASUS | BMC firmware for RS720Q-E9-RS8 | 1.15.0 | - |
| ASUS | BMC firmware for RS720Q-E9-RS8-S | 1.15.0 | - |
| ASUS | BMC firmware for Z11PA-D8 | 1.14.1 | - |
| ASUS | BMC firmware for Z11PA-D8C | 1.14.1 | - |
| ASUS | BMC firmware for RS720-E9-RS24-U | 1.14.3 | - |
| ASUS | BMC firmware for RS720-E9-RS8-G | 1.15.2 | - |
| ASUS | BMC firmware for RS500-E9-PS4 | 1.15.4 | - |
| ASUS | BMC firmware for Pro E800 G4 | 1.14.2 | - |
| ASUS | BMC firmware for RS500-E9-RS4 | 1.15.4 | - |
| ASUS | BMC firmware for RS500-E9-RS4-U | 1.15.4 | - |
| ASUS | BMC firmware for RS520-E9-RS12-E | 1.15.3 | - |
| ASUS | BMC firmware for RS520-E9-RS8 | 1.15.3 | - |
| ASUS | BMC firmware for ESC8000 G4 | 1.15.4 | - |
| ASUS | BMC firmware for ESC8000 G4/10G | 1.15.4 | - |
| ASUS | BMC firmware for RS720-E9-RS12-E | 1.15.2 | - |
| ASUS | BMC firmware for WS C621E SAGE | 1.15.1 | - |
| ASUS | BMC firmware for RS500A-E10-PS4 | 1.15.2 | - |
| ASUS | BMC firmware for RS500A-E10-RS4 | 1.15.2 | - |
| ASUS | BMC firmware for RS700A-E9-RS12V2 | 1.15.1 | - |
| ASUS | BMC firmware for RS700A-E9-RS4V2 | 1.15.1 | - |
| ASUS | BMC firmware for RS720A-E9-RS12V2 | 1.15.2 | - |
| ASUS | BMC firmware for RS720A-E9-RS24V2 | 1.15.1 | - |
| ASUS | BMC firmware for Z11PR-D16 | 1.15.3 | - |

II. Public PoCs for CVE-2021-28194

No public PoC was found.

III. Intelligence for CVE-2021-28194

Same Patch Batch · ASUS · 2021-04-06 · 35 CVEs total

| CVE | CVSS | Title |
| --- | --- | --- |
| CVE-2021-28204 | 7.2 HIGH | ASUS BMC's firmware: command injection - Modify user’s information function |
| CVE-2021-28203 | 7.2 HIGH | ASUS BMC's firmware: command injection - Web Set Media Image function |
| CVE-2021-28180 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Audit log configuration setting |
| CVE-2021-28190 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Generate new certificate function |
| CVE-2021-28188 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Modify user’s information function |
| CVE-2021-28187 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Generate new SSL certificate |
| CVE-2021-28185 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - ActiveX configuration-1 acquisition |
| CVE-2021-28186 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - ActiveX configuration-2 acquisition |
| CVE-2021-28184 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Active Directory configuration function |
| CVE-2021-28183 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Web License configuration setting |
| CVE-2021-28182 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Web Service configuration function |
| CVE-2021-28191 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Firmware update function |
| CVE-2021-28181 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Remote video configuration setting |
| CVE-2021-28179 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Media support configuration setting |
| CVE-2021-28177 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - LDAP configuration function |
| CVE-2021-28178 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - UEFI configuration function |
| CVE-2021-28176 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - DNS configuration function |
| CVE-2021-28175 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - Radius configuration function |
| CVE-2021-28189 | 4.9 MEDIUM | ASUS BMC's firmware: buffer overflow - SMTP configuration function |
| CVE-2021-28209 | 4.9 MEDIUM | ASUS BMC's firmware: path traversal - Delete video file function |

Showing 20 of 35 CVEs.
