CVE-2021-28193

CVSS V2 Medium 4 CVSS V3 Medium 4.9
Description
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Overview
  • CVE ID
  • CVE-2021-28193
  • Assigner
  • twcert@cert.org.tw
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2021-04-06T05:15:16
  • Last Modified Date
  • 2021-04-13T18:05:11
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:ws_c422_pro\/se_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:ws_c422_pro\/se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:ws_x299_pro\/se_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:ws_x299_pro\/se:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:z11pa-u12\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:z11pa-u12\/10g-2s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:esc8000_g4\/10g_firmware:1.15.4:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:esc8000_g4\/10g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:S/C:N/I:N/A:P
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • PARTIAL
  • Base Score
  • 4
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8
  • Impact Score
  • 2.9
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • HIGH
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 4.9
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 1.2
  • Impact Score
  • 3.6
History
Created Old Value New Value Data Type Notes
2022-05-10 07:15:57 Added to TrackCVE
2022-12-06 01:12:02 cve@cert.org.tw twcert@cert.org.tw CVE Assigner updated
2022-12-06 01:12:02 2021-04-06T05:15Z 2021-04-06T05:15:16 CVE Published Date updated
2022-12-06 01:12:02 2021-04-13T18:05:11 CVE Modified Date updated
2022-12-06 01:12:02 Analyzed Vulnerability Status updated