CVE-2021-28200: ASUS BMC's firmware: buffer overflow - CD media configuration function
First published: Tue Apr 06 2021(Updated: )
The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Credit: twcert@cert.org.tw
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Asus Asmb9-ikvm Firmware | =1.11.12 | |
| Asus Asmb9-ikvm | ||
| Asus Rs720a-e9-rs24-e Firmware | =1.10.3 | |
| Asus Rs720a-e9-rs24-e | ||
| Asus Rs700a-e9-rs4 Firmware | =1.10.0 | |
| Asus Rs700a-e9-rs4 | ||
| Asus Rs700-e9-rs4 Firmware | =1.09 | |
| Asus Rs700-e9-rs4 | ||
| Asus Esc4000 G4x Firmware | =1.11.6 | |
| Asus Esc4000 G4x | ||
| Asus Rs700-e9-rs12 Firmware | =1.11.5 | |
| Asus Rs700-e9-rs12 | ||
| Asus Rs100-e10-pi2 Firmware | =1.13.6 | |
| Asus Rs100-e10-pi2 | ||
| Asus Rs300-e10-ps4 Firmware | =1.13.6 | |
| Asus Rs300-e10-ps4 | ||
| Asus Rs300-e10-rs4 Firmware | =1.13.6 | |
| Asus Rs300-e10-rs4 | ||
| Asus Rs500a-e9-ps4 Firmware | =1.14.1 | |
| Asus Rs500a-e9-ps4 | ||
| Asus Rs500a-e9-rs4 Firmware | =1.14.1 | |
| Asus Rs500a-e9-rs4 | ||
| Asus Rs500a-e9 Rs4 U Firmware | =1.14.1 | |
| Asus Rs500a-e9 Rs4 U | ||
| Asus E700 G4 Firmware | =1.14.1 | |
| Asus E700 G4 | ||
| Asus Ws C422 Pro\/se Firmware | =1.14.1 | |
| Asus Ws C422 Pro\/se | ||
| Asus Ws X299 Pro\/se Firmware | =1.14.1 | |
| Asus Ws X299 Pro\/se | ||
| Asus Z11pa-u12 Firmware | =1.15.1 | |
| Asus Z11pa-u12 | ||
| Asus Z11pa-u12\/10g-2s Firmware | =1.15.1 | |
| Asus Z11pa-u12\/10g-2s | ||
| Asus Knpa-u16 Firmware | =1.13.4 | |
| Asus Knpa-u16 | ||
| Asus Esc4000 Dhd G4 Firmware | =1.13.7 | |
| Asus Esc4000 Dhd G4 | ||
| Asus Esc4000 G4 Firmware | =1.15.2 | |
| Asus Esc4000 G4 | ||
| Asus Rs720q-e9-rs24-s Firmware | =1.15.0 | |
| Asus Rs720q-e9-rs24-s | ||
| Asus Rs720q-e9-rs8 Firmware | =1.15.0 | |
| Asus Rs720q-e9-rs8 | ||
| Asus Rs720q-e9-rs8-s Firmware | =1.15.0 | |
| Asus Rs720q-e9-rs8-s | ||
| Asus Z11pa-d8 Firmware | =1.14.1 | |
| Asus Z11pa-d8 | ||
| Asus Z11pa-d8c Firmware | =1.14.1 | |
| Asus Z11pa-d8c | ||
| Asus Rs720-e9-rs24-u Firmware | =1.14.3 | |
| Asus Rs720-e9-rs24-u | ||
| Asus Rs720-e9-rs8-g Firmware | =1.15.2 | |
| Asus Rs720-e9-rs8-g | ||
| Asus Rs500-e9-ps4 Firmware | =1.15.4 | |
| Asus Rs500-e9-ps4 | ||
| Asus Pro E800 G4 Firmware | =1.14.2 | |
| Asus Pro E800 G4 | ||
| Asus Rs500-e9-rs4 Firmware | =1.15.4 | |
| Asus Rs500-e9-rs4 | ||
| Asus Rs500-e9-rs4-u Firmware | =1.15.4 | |
| Asus Rs500-e9-rs4-u | ||
| Asus Rs520-e9-rs12-e Firmware | =1.15.3 | |
| Asus Rs520-e9-rs12-e | ||
| Asus Rs520-e9-rs8 Firmware | =1.15.3 | |
| Asus Rs520-e9-rs8 | ||
| Asus Esc8000 G4 Firmware | =1.15.4 | |
| Asus Esc8000 G4 | ||
| Asus Esc8000 G4\/10g Firmware | =1.15.4 | |
| Asus Esc8000 G4\/10g | ||
| Asus Rs720-e9-rs12-e Firmware | =1.15.2 | |
| Asus Rs720-e9-rs12-e | ||
| Asus Ws C621e Sage Firmware | =1.15.1 | |
| Asus Ws C621e Sage | ||
| Asus Rs500a-e10-ps4 Firmware | =1.15.2 | |
| Asus Rs500a-e10-ps4 | ||
| Asus Rs500a-e10-rs4 Firmware | =1.15.2 | |
| Asus Rs500a-e10-rs4 | ||
| Asus Rs700a-e9-rs12v2 Firmware | =1.15.1 | |
| Asus Rs700a-e9-rs12v2 | ||
| Asus Rs700a-e9-rs4v2 Firmware | =1.15.1 | |
| Asus Rs700a-e9-rs4v2 | ||
| Asus Rs720a-e9-rs12v2 Firmware | =1.15.2 | |
| Asus Rs720a-e9-rs12v2 | ||
| Asus Rs720a-e9-rs24v2 Firmware | =1.15.1 | |
| Asus Rs720a-e9-rs24v2 | ||
| Asus Z11pr-d16 Firmware | =1.15.3 | |
| Asus Z11pr-d16 |
Remedy
update BMC's firmwares to the following versions: ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/severity
- agent/author
- agent/references
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/asus
- canonical/asus asmb9-ikvm firmware
- version/asus asmb9-ikvm firmware/1.11.12
- canonical/asus asmb9-ikvm
- canonical/asus rs720a-e9-rs24-e firmware
- version/asus rs720a-e9-rs24-e firmware/1.10.3
- canonical/asus rs720a-e9-rs24-e
- canonical/asus rs700a-e9-rs4 firmware
- version/asus rs700a-e9-rs4 firmware/1.10.0
- canonical/asus rs700a-e9-rs4
- canonical/asus rs700-e9-rs4 firmware
- version/asus rs700-e9-rs4 firmware/1.09
- canonical/asus rs700-e9-rs4
- canonical/asus esc4000 g4x firmware
- version/asus esc4000 g4x firmware/1.11.6
- canonical/asus esc4000 g4x
- canonical/asus rs700-e9-rs12 firmware
- version/asus rs700-e9-rs12 firmware/1.11.5
- canonical/asus rs700-e9-rs12
- canonical/asus rs100-e10-pi2 firmware
- version/asus rs100-e10-pi2 firmware/1.13.6
- canonical/asus rs100-e10-pi2
- canonical/asus rs300-e10-ps4 firmware
- version/asus rs300-e10-ps4 firmware/1.13.6
- canonical/asus rs300-e10-ps4
- canonical/asus rs300-e10-rs4 firmware
- version/asus rs300-e10-rs4 firmware/1.13.6
- canonical/asus rs300-e10-rs4
- canonical/asus rs500a-e9-ps4 firmware
- version/asus rs500a-e9-ps4 firmware/1.14.1
- canonical/asus rs500a-e9-ps4
- canonical/asus rs500a-e9-rs4 firmware
- version/asus rs500a-e9-rs4 firmware/1.14.1
- canonical/asus rs500a-e9-rs4
- canonical/asus rs500a-e9 rs4 u firmware
- version/asus rs500a-e9 rs4 u firmware/1.14.1
- canonical/asus rs500a-e9 rs4 u
- canonical/asus e700 g4 firmware
- version/asus e700 g4 firmware/1.14.1
- canonical/asus e700 g4
- canonical/asus ws c422 pro\/se firmware
- version/asus ws c422 pro\/se firmware/1.14.1
- canonical/asus ws c422 pro\/se
- canonical/asus ws x299 pro\/se firmware
- version/asus ws x299 pro\/se firmware/1.14.1
- canonical/asus ws x299 pro\/se
- canonical/asus z11pa-u12 firmware
- version/asus z11pa-u12 firmware/1.15.1
- canonical/asus z11pa-u12
- canonical/asus z11pa-u12\/10g-2s firmware
- version/asus z11pa-u12\/10g-2s firmware/1.15.1
- canonical/asus z11pa-u12\/10g-2s
- canonical/asus knpa-u16 firmware
- version/asus knpa-u16 firmware/1.13.4
- canonical/asus knpa-u16
- canonical/asus esc4000 dhd g4 firmware
- version/asus esc4000 dhd g4 firmware/1.13.7
- canonical/asus esc4000 dhd g4
- canonical/asus esc4000 g4 firmware
- version/asus esc4000 g4 firmware/1.15.2
- canonical/asus esc4000 g4
- canonical/asus rs720q-e9-rs24-s firmware
- version/asus rs720q-e9-rs24-s firmware/1.15.0
- canonical/asus rs720q-e9-rs24-s
- canonical/asus rs720q-e9-rs8 firmware
- version/asus rs720q-e9-rs8 firmware/1.15.0
- canonical/asus rs720q-e9-rs8
- canonical/asus rs720q-e9-rs8-s firmware
- version/asus rs720q-e9-rs8-s firmware/1.15.0
- canonical/asus rs720q-e9-rs8-s
- canonical/asus z11pa-d8 firmware
- version/asus z11pa-d8 firmware/1.14.1
- canonical/asus z11pa-d8
- canonical/asus z11pa-d8c firmware
- version/asus z11pa-d8c firmware/1.14.1
- canonical/asus z11pa-d8c
- canonical/asus rs720-e9-rs24-u firmware
- version/asus rs720-e9-rs24-u firmware/1.14.3
- canonical/asus rs720-e9-rs24-u
- canonical/asus rs720-e9-rs8-g firmware
- version/asus rs720-e9-rs8-g firmware/1.15.2
- canonical/asus rs720-e9-rs8-g
- canonical/asus rs500-e9-ps4 firmware
- version/asus rs500-e9-ps4 firmware/1.15.4
- canonical/asus rs500-e9-ps4
- canonical/asus pro e800 g4 firmware
- version/asus pro e800 g4 firmware/1.14.2
- canonical/asus pro e800 g4
- canonical/asus rs500-e9-rs4 firmware
- version/asus rs500-e9-rs4 firmware/1.15.4
- canonical/asus rs500-e9-rs4
- canonical/asus rs500-e9-rs4-u firmware
- version/asus rs500-e9-rs4-u firmware/1.15.4
- canonical/asus rs500-e9-rs4-u
- canonical/asus rs520-e9-rs12-e firmware
- version/asus rs520-e9-rs12-e firmware/1.15.3
- canonical/asus rs520-e9-rs12-e
- canonical/asus rs520-e9-rs8 firmware
- version/asus rs520-e9-rs8 firmware/1.15.3
- canonical/asus rs520-e9-rs8
- canonical/asus esc8000 g4 firmware
- version/asus esc8000 g4 firmware/1.15.4
- canonical/asus esc8000 g4
- canonical/asus esc8000 g4\/10g firmware
- version/asus esc8000 g4\/10g firmware/1.15.4
- canonical/asus esc8000 g4\/10g
- canonical/asus rs720-e9-rs12-e firmware
- version/asus rs720-e9-rs12-e firmware/1.15.2
- canonical/asus rs720-e9-rs12-e
- canonical/asus ws c621e sage firmware
- version/asus ws c621e sage firmware/1.15.1
- canonical/asus ws c621e sage
- canonical/asus rs500a-e10-ps4 firmware
- version/asus rs500a-e10-ps4 firmware/1.15.2
- canonical/asus rs500a-e10-ps4
- canonical/asus rs500a-e10-rs4 firmware
- version/asus rs500a-e10-rs4 firmware/1.15.2
- canonical/asus rs500a-e10-rs4
- canonical/asus rs700a-e9-rs12v2 firmware
- version/asus rs700a-e9-rs12v2 firmware/1.15.1
- canonical/asus rs700a-e9-rs12v2
- canonical/asus rs700a-e9-rs4v2 firmware
- version/asus rs700a-e9-rs4v2 firmware/1.15.1
- canonical/asus rs700a-e9-rs4v2
- canonical/asus rs720a-e9-rs12v2 firmware
- version/asus rs720a-e9-rs12v2 firmware/1.15.2
- canonical/asus rs720a-e9-rs12v2
- canonical/asus rs720a-e9-rs24v2 firmware
- version/asus rs720a-e9-rs24v2 firmware/1.15.1
- canonical/asus rs720a-e9-rs24v2
- canonical/asus z11pr-d16 firmware
- version/asus z11pr-d16 firmware/1.15.3
- canonical/asus z11pr-d16