CVE-2021-28194: ASUS BMC's firmware: buffer overflow - Remote image configuration setting
First published: Tue Apr 06 2021(Updated: )
The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus ASMB9-IKVM | =1.11.12 | |
| Asus Asmb9-ikvm Firmware | ||
| Asus RS720A-E9-RS24-E | =1.10.3 | |
| Asus Rs720a-e9-rs24-e Firmware | ||
| Asus RS700A-E9-RS4V2 | =1.10.0 | |
| Asus RS700A-E9-RS4V2 | ||
| Asus RS700-E9-RS4 | =1.09 | |
| Asus Rs700-e9-rs4 Firmware | ||
| Asus Esc4000 G4x Firmware | =1.11.6 | |
| Asus Esc4000 G4x Firmware | ||
| Asus RS700-E9-RS12 | =1.11.5 | |
| Asus RS700-E9-RS12 | ||
| Asus RS100-E10-PI2 | =1.13.6 | |
| Asus RS100-E10-PI2 | ||
| Asus RS300-E10-PS4 | =1.13.6 | |
| Asus RS300-E10-PS4 Firmware | ||
| Asus RS300-E10-RS4 | =1.13.6 | |
| Asus RS300-E10-RS4 Firmware | ||
| Asus RS500A-E9-PS4 | =1.14.1 | |
| Asus RS500-E9-PS4 | ||
| Asus RS500A-E9 RS4 U | =1.14.1 | |
| Asus RS500A-E9 RS4 U | ||
| Asus RS500A-E9-PS4 | =1.14.1 | |
| Asus RS500A-E9 RS4 U Firmware | ||
| Asus E700 G4 | =1.14.1 | |
| Asus E700 G4 | ||
| Asus WS C422 Pro/SE Firmware | =1.14.1 | |
| Asus WS C422 Pro/SE | ||
| Asus Ws X299 Pro/se Firmware | =1.14.1 | |
| Asus WS X299 Pro/SE | ||
| Asus Z11pa-u12 Firmware | =1.15.1 | |
| Asus Z11pa-u12 Firmware | ||
| Asus Z11pa-u12/10g-2s Firmware | =1.15.1 | |
| Asus Z11pa-u12/10g-2s | ||
| Asus Knpa-u16 | =1.13.4 | |
| Asus Knpa-u16 Firmware | ||
| Asus Esc4000 Dhd G4 | =1.13.7 | |
| Asus Esc4000 Dhd G4 | ||
| Asus Esc4000 G4 | =1.15.2 | |
| Asus Esc4000 G4 Firmware | ||
| Asus RS720Q-E9-RS24-S Firmware | =1.15.0 | |
| Asus RS720Q-E9-RS24-S Firmware | ||
| Asus RS720Q-E9-RS8 | =1.15.0 | |
| Asus RS720Q-E9-RS8 Firmware | ||
| Asus RS720Q-E9-RS8-S | =1.15.0 | |
| Asus Rs720q-e9-rs24-s | ||
| Asus Z11pa-d8 | =1.14.1 | |
| Asus Z11pa-d8 Firmware | ||
| Asus Z11pa-d8c Firmware | =1.14.1 | |
| Asus Z11pa-d8c Firmware | ||
| Asus RS720-E9-RS24-U | =1.14.3 | |
| Asus RS720-E9-RS24-U | ||
| Asus RS720-E9-RS8-G | =1.15.2 | |
| Asus Rs720-e9-rs8-g Firmware | ||
| Asus RS500A-E9-PS4 | =1.15.4 | |
| Asus RS500-E9-PS4 | ||
| Asus Pro E800 G4 | =1.14.2 | |
| Asus Pro E800 G4 | ||
| Asus RS500-E9-RS4 Firmware | =1.15.4 | |
| Asus RS500-E9-RS4 Firmware | ||
| Asus Rs500-e9-rs4 | =1.15.4 | |
| Asus Rs500-e9-rs4 | ||
| Asus RS520-E9-RS12-E | =1.15.3 | |
| Asus RS520-E9-RS12-E Firmware | ||
| Asus RS520-E9-RS8 | =1.15.3 | |
| Asus Rs520-e9-rs8 Firmware | ||
| Asus Esc8000 G4/10g Firmware | =1.15.4 | |
| Asus Esc8000 G4/10g Firmware | ||
| Asus Esc8000 G4/10g Firmware | =1.15.4 | |
| Asus Esc8000 G4/10g | ||
| Asus RS520-E9-RS12-E Firmware | =1.15.2 | |
| Asus RS720-E9-RS12-E Firmware | ||
| Asus WS C621E Sage | =1.15.1 | |
| Asus Ws C621e Sage Firmware | ||
| Asus RS500A-E10-PS4 | =1.15.2 | |
| Asus Rs500a-e10-ps4 Firmware | ||
| Asus RS500A-E10-RS4 | =1.15.2 | |
| Asus RS500A-E10-RS4 | ||
| Asus RS700A-E9-RS12V2 | =1.15.1 | |
| Asus RS720A-E9-RS12V2 | ||
| Asus RS700A-E9-RS4V2 | =1.15.1 | |
| Asus RS700A-E9-RS4V2 Firmware | ||
| Asus RS720A-E9-RS12V2 | =1.15.2 | |
| Asus RS720A-E9-RS12V2 | ||
| Asus Rs720a-e9-rs24v2 | =1.15.1 | |
| Asus Rs720a-e9-rs24v2 Firmware | ||
| Asus Z11pr-d16 | =1.15.3 | |
| Asus Z11pr-d16 Firmware |
Remedy
update BMC's firmwares to the following versions: ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-28194?
CVE-2021-28194 is categorized as a buffer overflow vulnerability that can lead to remote code execution if exploited.
How do I fix CVE-2021-28194?
To mitigate CVE-2021-28194, update the affected ASUS BMC firmware to the latest version as recommended by ASUS.
Which ASUS firmware versions are affected by CVE-2021-28194?
The vulnerability impacts multiple ASUS firmware versions, including 1.11.12, 1.10.3, 1.10.0, 1.11.6, and 1.13.6.
What are the potential consequences of CVE-2021-28194 exploitation?
Exploitation of CVE-2021-28194 could allow remote attackers to gain unauthorized access and execute arbitrary code on the targeted devices.
Is there any workaround for CVE-2021-28194 prior to applying the patch?
Until a patch is applied, it is advised to restrict network access to affected devices and monitor for unusual activity.
- agent/type
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/asus
- canonical/asus asmb9-ikvm
- version/asus asmb9-ikvm/1.11.12
- canonical/asus asmb9-ikvm firmware
- canonical/asus rs720a-e9-rs24-e
- version/asus rs720a-e9-rs24-e/1.10.3
- canonical/asus rs720a-e9-rs24-e firmware
- canonical/asus rs700a-e9-rs4v2
- version/asus rs700a-e9-rs4v2/1.10.0
- canonical/asus rs700-e9-rs4
- version/asus rs700-e9-rs4/1.09
- canonical/asus rs700-e9-rs4 firmware
- canonical/asus esc4000 g4x firmware
- version/asus esc4000 g4x firmware/1.11.6
- canonical/asus rs700-e9-rs12
- version/asus rs700-e9-rs12/1.11.5
- canonical/asus rs100-e10-pi2
- version/asus rs100-e10-pi2/1.13.6
- canonical/asus rs300-e10-ps4
- version/asus rs300-e10-ps4/1.13.6
- canonical/asus rs300-e10-ps4 firmware
- canonical/asus rs300-e10-rs4
- version/asus rs300-e10-rs4/1.13.6
- canonical/asus rs300-e10-rs4 firmware
- canonical/asus rs500a-e9-ps4
- version/asus rs500a-e9-ps4/1.14.1
- canonical/asus rs500-e9-ps4
- canonical/asus rs500a-e9 rs4 u
- version/asus rs500a-e9 rs4 u/1.14.1
- canonical/asus rs500a-e9 rs4 u firmware
- canonical/asus e700 g4
- version/asus e700 g4/1.14.1
- canonical/asus ws c422 pro/se firmware
- version/asus ws c422 pro/se firmware/1.14.1
- canonical/asus ws c422 pro/se
- canonical/asus ws x299 pro/se firmware
- version/asus ws x299 pro/se firmware/1.14.1
- canonical/asus ws x299 pro/se
- canonical/asus z11pa-u12 firmware
- version/asus z11pa-u12 firmware/1.15.1
- canonical/asus z11pa-u12/10g-2s firmware
- version/asus z11pa-u12/10g-2s firmware/1.15.1
- canonical/asus z11pa-u12/10g-2s
- canonical/asus knpa-u16
- version/asus knpa-u16/1.13.4
- canonical/asus knpa-u16 firmware
- canonical/asus esc4000 dhd g4
- version/asus esc4000 dhd g4/1.13.7
- canonical/asus esc4000 g4
- version/asus esc4000 g4/1.15.2
- canonical/asus esc4000 g4 firmware
- canonical/asus rs720q-e9-rs24-s firmware
- version/asus rs720q-e9-rs24-s firmware/1.15.0
- canonical/asus rs720q-e9-rs8
- version/asus rs720q-e9-rs8/1.15.0
- canonical/asus rs720q-e9-rs8 firmware
- canonical/asus rs720q-e9-rs8-s
- version/asus rs720q-e9-rs8-s/1.15.0
- canonical/asus rs720q-e9-rs24-s
- canonical/asus z11pa-d8
- version/asus z11pa-d8/1.14.1
- canonical/asus z11pa-d8 firmware
- canonical/asus z11pa-d8c firmware
- version/asus z11pa-d8c firmware/1.14.1
- canonical/asus rs720-e9-rs24-u
- version/asus rs720-e9-rs24-u/1.14.3
- canonical/asus rs720-e9-rs8-g
- version/asus rs720-e9-rs8-g/1.15.2
- canonical/asus rs720-e9-rs8-g firmware
- version/asus rs500a-e9-ps4/1.15.4
- canonical/asus pro e800 g4
- version/asus pro e800 g4/1.14.2
- canonical/asus rs500-e9-rs4 firmware
- version/asus rs500-e9-rs4 firmware/1.15.4
- canonical/asus rs500-e9-rs4
- version/asus rs500-e9-rs4/1.15.4
- canonical/asus rs520-e9-rs12-e
- version/asus rs520-e9-rs12-e/1.15.3
- canonical/asus rs520-e9-rs12-e firmware
- canonical/asus rs520-e9-rs8
- version/asus rs520-e9-rs8/1.15.3
- canonical/asus rs520-e9-rs8 firmware
- canonical/asus esc8000 g4/10g firmware
- version/asus esc8000 g4/10g firmware/1.15.4
- canonical/asus esc8000 g4/10g
- version/asus rs520-e9-rs12-e firmware/1.15.2
- canonical/asus rs720-e9-rs12-e firmware
- canonical/asus ws c621e sage
- version/asus ws c621e sage/1.15.1
- canonical/asus ws c621e sage firmware
- canonical/asus rs500a-e10-ps4
- version/asus rs500a-e10-ps4/1.15.2
- canonical/asus rs500a-e10-ps4 firmware
- canonical/asus rs500a-e10-rs4
- version/asus rs500a-e10-rs4/1.15.2
- canonical/asus rs700a-e9-rs12v2
- version/asus rs700a-e9-rs12v2/1.15.1
- canonical/asus rs720a-e9-rs12v2
- version/asus rs700a-e9-rs4v2/1.15.1
- canonical/asus rs700a-e9-rs4v2 firmware
- version/asus rs720a-e9-rs12v2/1.15.2
- canonical/asus rs720a-e9-rs24v2
- version/asus rs720a-e9-rs24v2/1.15.1
- canonical/asus rs720a-e9-rs24v2 firmware
- canonical/asus z11pr-d16
- version/asus z11pr-d16/1.15.3
- canonical/asus z11pr-d16 firmware