CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
71.8%
The Service configuration-2 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
Vendor | Product | Version | CPE |
---|---|---|---|
asus | asmb9-ikvm_firmware | 1.11.12 | cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:* |
asus | asmb9-ikvm | - | cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:* |
asus | rs720a-e9-rs24-e_firmware | 1.10.3 | cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:* |
asus | rs720a-e9-rs24-e | - | cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:* |
asus | rs700a-e9-rs4_firmware | 1.10.0 | cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:* |
asus | rs700a-e9-rs4 | - | cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:* |
asus | rs700-e9-rs4 | - | cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:* |
asus | rs700-e9-rs4_firmware | 1.09 | cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:* |
asus | esc4000_g4x | - | cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:* |
asus | esc4000_g4x_firmware | 1.11.6 | cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:* |
[
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
]
More
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
71.8%