The Service configuration-1 function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service.
| Version | Base score | Base severity | Vector |
|---|---|---|---|
| 3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| CAPEC ID | Description |
|---|
update BMC's firmwares to the following versions: ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html | x_refsource_MISC |
| Version | Base score | Base severity | Vector |
|---|
| CAPEC ID | Description |
|---|
| Event | Date |
|---|
| Hyperlink | Resource |
|---|---|
| https://www.asus.com/content/ASUS-Product-Security-Advisory/ | x_refsource_MISC x_transferred |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC x_transferred |
| https://www.twcert.org.tw/tw/cp-132-4571-d454c-1.html | x_refsource_MISC x_transferred |