Asus Asmb8-Ikvm Firmware vulnerabilities
19 known vulnerabilities affecting asus/asmb8-ikvm_firmware.
Total CVEs
19
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM16
Vulnerabilities
Page 1 of 1
CVE-2023-26602CRITICALCVSS 9.8PoC≤ 1.14.512023-02-26
CVE-2023-26602 [CRITICAL] CWE-77 CVE-2023-26602: ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
nvd
CVE-2021-28203HIGHCVSS 7.2v1.14.512021-04-06
CVE-2021-28203 [HIGH] CWE-78 CVE-2021-28203: The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the spec
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
nvd
CVE-2021-28204HIGHCVSS 7.2v1.14.512021-04-06
CVE-2021-28204 [HIGH] CWE-78 CVE-2021-28204: The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.
nvd
CVE-2021-28184MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28184 [MEDIUM] CWE-120 CVE-2021-28184: The Active Directory configuration function in ASUS BMC’s firmware Web management page does not veri
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28180MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28180 [MEDIUM] CWE-120 CVE-2021-28180: The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) d
The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28175MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28175 [MEDIUM] CWE-120 CVE-2021-28175: The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the str
The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28186MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28186 [MEDIUM] CWE-120 CVE-2021-28186: The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisitio
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28188MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28188 [MEDIUM] CWE-120 CVE-2021-28188: The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28205MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28205 [MEDIUM] CWE-22 CVE-2021-28205: The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) do
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
nvd
CVE-2021-28176MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28176 [MEDIUM] CWE-120 CVE-2021-28176: The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string
The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28177MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28177 [MEDIUM] CWE-120 CVE-2021-28177: The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the strin
The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28189MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28189 [MEDIUM] CWE-120 CVE-2021-28189: The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the strin
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28187MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28187 [MEDIUM] CWE-120 CVE-2021-28187: The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does
The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28183MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28183 [MEDIUM] CWE-120 CVE-2021-28183: The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting)
The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28179MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28179 [MEDIUM] CWE-120 CVE-2021-28179: The specific function in ASUS BMC’s firmware Web management page (Media support configuration settin
The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28178MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28178 [MEDIUM] CWE-120 CVE-2021-28178: The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the strin
The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28185MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28185 [MEDIUM] CWE-120 CVE-2021-28185: The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisitio
The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28182MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28182 [MEDIUM] CWE-120 CVE-2021-28182: The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify th
The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd
CVE-2021-28181MEDIUMCVSS 4.9v1.14.512021-04-06
CVE-2021-28181 [MEDIUM] CWE-120 CVE-2021-28181: The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting
The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
nvd