1. Home
  2. CVE Database
  3. CVE-2021-28190
MEDIUM · 4.9

CVE-2021-28190

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. A...

Vulnerability Description

The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
AsusAsmb9-Ikvm Firmware1.11.12
AsusAsmb9-Ikvm-
AsusRs720A-E9-Rs24-E Firmware1.10.3
AsusRs720A-E9-Rs24-E-
AsusRs700A-E9-Rs4 Firmware1.10.0
AsusRs700A-E9-Rs4-
AsusRs700-E9-Rs4 Firmware1.09
AsusRs700-E9-Rs4-
AsusEsc4000 G4X Firmware1.11.6
AsusEsc4000 G4X-
AsusRs700-E9-Rs12 Firmware1.11.5
AsusRs700-E9-Rs12-
AsusRs100-E10-Pi2 Firmware1.13.6
AsusRs100-E10-Pi2-
AsusRs300-E10-Ps4 Firmware1.13.6
AsusRs300-E10-Ps4-
AsusRs300-E10-Rs4 Firmware1.13.6
AsusRs300-E10-Rs4-
AsusRs500A-E9-Ps4 Firmware1.14.1
AsusRs500A-E9-Ps4-

Related Weaknesses (CWE)

CWE-120

References

FAQ

What is CVE-2021-28190?

CVE-2021-28190 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The specific function in ASUS BMC’s firmware Web management page (Generate new certificate function) does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. A...

How severe is CVE-2021-28190?

CVE-2021-28190 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-28190?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Asmb9-Ikvm Firmware, Asus Asmb9-Ikvm, Asus Rs720A-E9-Rs24-E Firmware, Asus Rs720A-E9-Rs24-E, Asus Rs700A-E9-Rs4 Firmware.