CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
71.8%
The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
[
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
]
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
71.8%