First published: Tue Apr 06 2021(Updated: )
The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Credit: twcert@cert.org.tw
Affected Software | Affected Version | How to fix |
---|---|---|
Asus Asmb9-ikvm Firmware | =1.11.12 | |
Asus Asmb9-ikvm | ||
Asus Rs720a-e9-rs24-e Firmware | =1.10.3 | |
Asus Rs720a-e9-rs24-e | ||
Asus Rs700a-e9-rs4 Firmware | =1.10.0 | |
Asus Rs700a-e9-rs4 | ||
Asus Rs700-e9-rs4 Firmware | =1.09 | |
Asus Rs700-e9-rs4 | ||
Asus Esc4000 G4x Firmware | =1.11.6 | |
Asus Esc4000 G4x | ||
Asus Rs700-e9-rs12 Firmware | =1.11.5 | |
Asus Rs700-e9-rs12 | ||
Asus Rs100-e10-pi2 Firmware | =1.13.6 | |
Asus Rs100-e10-pi2 | ||
Asus Rs300-e10-ps4 Firmware | =1.13.6 | |
Asus Rs300-e10-ps4 | ||
Asus Rs300-e10-rs4 Firmware | =1.13.6 | |
Asus Rs300-e10-rs4 | ||
Asus Rs500a-e9-ps4 Firmware | =1.14.1 | |
Asus Rs500a-e9-ps4 | ||
Asus Rs500a-e9-rs4 Firmware | =1.14.1 | |
Asus Rs500a-e9-rs4 | ||
Asus Rs500a-e9 Rs4 U Firmware | =1.14.1 | |
Asus Rs500a-e9 Rs4 U | ||
Asus E700 G4 Firmware | =1.14.1 | |
Asus E700 G4 | ||
Asus Ws C422 Pro\/se Firmware | =1.14.1 | |
Asus Ws C422 Pro\/se | ||
Asus Ws X299 Pro\/se Firmware | =1.14.1 | |
Asus Ws X299 Pro\/se | ||
Asus Z11pa-u12 Firmware | =1.15.1 | |
Asus Z11pa-u12 | ||
Asus Z11pa-u12\/10g-2s Firmware | =1.15.1 | |
Asus Z11pa-u12\/10g-2s | ||
Asus Knpa-u16 Firmware | =1.13.4 | |
Asus Knpa-u16 | ||
Asus Esc4000 Dhd G4 Firmware | =1.13.7 | |
Asus Esc4000 Dhd G4 | ||
Asus Esc4000 G4 Firmware | =1.15.2 | |
Asus Esc4000 G4 | ||
Asus Rs720q-e9-rs24-s Firmware | =1.15.0 | |
Asus Rs720q-e9-rs24-s | ||
Asus Rs720q-e9-rs8 Firmware | =1.15.0 | |
Asus Rs720q-e9-rs8 | ||
Asus Rs720q-e9-rs8-s Firmware | =1.15.0 | |
Asus Rs720q-e9-rs8-s | ||
Asus Z11pa-d8 Firmware | =1.14.1 | |
Asus Z11pa-d8 | ||
Asus Z11pa-d8c Firmware | =1.14.1 | |
Asus Z11pa-d8c | ||
Asus Rs720-e9-rs24-u Firmware | =1.14.3 | |
Asus Rs720-e9-rs24-u | ||
Asus Rs720-e9-rs8-g Firmware | =1.15.2 | |
Asus Rs720-e9-rs8-g | ||
Asus Rs500-e9-ps4 Firmware | =1.15.4 | |
Asus Rs500-e9-ps4 | ||
Asus Pro E800 G4 Firmware | =1.14.2 | |
Asus Pro E800 G4 | ||
Asus Rs500-e9-rs4 Firmware | =1.15.4 | |
Asus Rs500-e9-rs4 | ||
Asus Rs500-e9-rs4-u Firmware | =1.15.4 | |
Asus Rs500-e9-rs4-u | ||
Asus Rs520-e9-rs12-e Firmware | =1.15.3 | |
Asus Rs520-e9-rs12-e | ||
Asus Rs520-e9-rs8 Firmware | =1.15.3 | |
Asus Rs520-e9-rs8 | ||
Asus Esc8000 G4 Firmware | =1.15.4 | |
Asus Esc8000 G4 | ||
Asus Esc8000 G4\/10g Firmware | =1.15.4 | |
Asus Esc8000 G4\/10g | ||
Asus Rs720-e9-rs12-e Firmware | =1.15.2 | |
Asus Rs720-e9-rs12-e | ||
Asus Ws C621e Sage Firmware | =1.15.1 | |
Asus Ws C621e Sage | ||
Asus Rs500a-e10-ps4 Firmware | =1.15.2 | |
Asus Rs500a-e10-ps4 | ||
Asus Rs500a-e10-rs4 Firmware | =1.15.2 | |
Asus Rs500a-e10-rs4 | ||
Asus Rs700a-e9-rs12v2 Firmware | =1.15.1 | |
Asus Rs700a-e9-rs12v2 | ||
Asus Rs700a-e9-rs4v2 Firmware | =1.15.1 | |
Asus Rs700a-e9-rs4v2 | ||
Asus Rs720a-e9-rs12v2 Firmware | =1.15.2 | |
Asus Rs720a-e9-rs12v2 | ||
Asus Rs720a-e9-rs24v2 Firmware | =1.15.1 | |
Asus Rs720a-e9-rs24v2 | ||
Asus Z11pr-d16 Firmware | =1.15.3 | |
Asus Z11pr-d16 |
update BMC's firmwares to the following versions: ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.