TVN ID | TVN-202103023 |
---|---|
CVE ID | CVE-2021-28196 |
CVSS | 4.9 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
影響產品 | 受影響產品之對應韌體: ASMB9-iKVM 1.11.12 RS720A-E9-RS24-E 1.10.3 RS700A-E9-RS4 1.10.0 RS700-E9-RS4 1.09 ESC4000 G4X 1.11.6 RS700-E9-RS12 1.11.5 RS100-E10-PI2 1.13.6 RS300-E10-PS4 1.13.6 RS300-E10-RS4 1.13.6 RS500A-E9-PS4 1.14.1 RS500A-E9-RS4 1.14.1 RS500A-E9 RS4 U 1.14.1 E700 G4 1.14.1 WS C422 PRO/SE 1.14.1 WS X299 PRO/SE 1.14.1 Z11PA-U12 1.15.1 Z11PA-U12/10G-2S 1.15.1 KNPA-U16 1.13.4 ESC4000 DHD G4 1.13.7 ESC4000 G4 1.15.2 RS720Q-E9-RS24-S 1.15.0 RS720Q-E9-RS8 1.15.0 RS720Q-E9-RS8-S 1.15.0 Z11PA-D8 1.14.1 Z11PA-D8C 1.14.1 RS720-E9-RS24-U 1.14.3 RS720-E9-RS8-G 1.15.2 RS500-E9-PS4 1.15.4 Pro E800 G4 1.14.2 RS500-E9-RS4 1.15.4 RS500-E9-RS4-U 1.15.4 RS520-E9-RS12-E 1.15.3 RS520-E9-RS8 1.15.3 ESC8000 G4 1.15.4 ESC8000 G4/10G 1.15.4 RS720-E9-RS12-E 1.15.2 WS C621E SAGE 1.15.1 RS500A-E10-PS4 1.15.2 RS500A-E10-RS4 1.15.2 RS700A-E9-RS12V2 1.15.1 RS700A-E9-RS4V2 1.15.1 RS720A-E9-RS12V2 1.15.2 RS720A-E9-RS24V2 1.15.1 Z11PR-D16 1.15.3 |
問題描述 | ASUS BMC's firmware之Web管理頁面中的特定函式(生成SSL憑證之功能)未驗證使用者輸入的字串長度,導致Buffer overflow漏洞。攻擊者取得管理者權限後,可利用該漏洞使Web service異常終止。 |
解決方法 | 以下受影響產品更新相對韌體至相對應版本: ASMB9-iKVM 1.15.3 RS700-E9-RS4 1.15.4 ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 Z11PA-U12/10G-2S 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4 |
漏洞通報者 | ASUS |
公開日期 | 2021-04-06 |