Asus Bmc Firmware For Rs720Q-E9-Rs8-S vulnerabilities

CVE-2021-28191 [MEDIUM] CWE-120 CVE-2021-28191: The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string l The Firmware update function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28196 [MEDIUM] CWE-120 CVE-2021-28196: The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) The specific function in ASUS BMC’s firmware Web management page (Generate SSL certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28198 [MEDIUM] CWE-120 CVE-2021-28198: The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not ver The Firmware protocol configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28195 [MEDIUM] CWE-120 CVE-2021-28195: The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the str The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28199 [MEDIUM] CWE-120 CVE-2021-28199: The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28206 [MEDIUM] CWE-22 CVE-2021-28206: The specific function in ASUS BMC’s firmware Web management page (Record video file function) does n The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVE-2021-28201 [MEDIUM] CWE-120 CVE-2021-28201: The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28202 [MEDIUM] CWE-120 CVE-2021-28202: The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28192 [MEDIUM] CWE-120 CVE-2021-28192: The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) doe The specific function in ASUS BMC’s firmware Web management page (Remote video storage function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28197 [MEDIUM] CWE-120 CVE-2021-28197: The Active Directory configuration function in ASUS BMC’s firmware Web management page does not veri The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28194 [MEDIUM] CWE-120 CVE-2021-28194: The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting The specific function in ASUS BMC’s firmware Web management page (Remote image configuration setting) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28209 [MEDIUM] CWE-22 CVE-2021-28209: The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does n The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVE-2021-28208 [MEDIUM] CWE-22 CVE-2021-28208: The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVE-2021-28190 [MEDIUM] CWE-120 CVE-2021-28190: The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28193 [MEDIUM] CWE-120 CVE-2021-28193: The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the strin The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28200 [MEDIUM] CWE-120 CVE-2021-28200: The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the s The CD media configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVE-2021-28207 [MEDIUM] CWE-22 CVE-2021-28207: The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not f The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.