CVE-2021-28196

ASUS BMC's firmware: buffer overflow - Generate SSL certificate function

Description

A function in the Web management page of ASUS BMC firmware (the "Generate SSL certificate" function) does not check the length of the string entered by the user before copying it into a fixed-size buffer, which results in a buffer overflow. A remote attacker who has already obtained privileged (administrative) access to the Web interface can exploit this to abnormally terminate the Web service, i.e. a denial of service against BMC management.
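The flaw described above is the classic unchecked copy of a form field into a fixed-size buffer. The C sketch below is an added example, not ASUS code and not a reconstruction of the actual firmware: it places the vulnerable copy pattern next to a hardened version that bounds the length and whitelists the character set before copying. The struct and field names, the buffer size CN_MAX of 64, the accepted character set and the return codes are all assumptions chosen for illustration; the oversized input is constructed in the block.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define CN_MAX 64  /* assumed fixed size of the Common Name buffer (hypothetical) */

/* Hypothetical subject fields a "Generate SSL certificate" handler would
 * collect from the HTML form before handing them to the certificate code. */
struct cert_req {
    char common_name[CN_MAX];
};

/* Vulnerable pattern (stack buffer overflow, CWE-121): the user-supplied
 * string is copied without checking that it fits. A CN of CN_MAX bytes or
 * more overwrites whatever follows the buffer; in a BMC web server that
 * typically crashes the process, which is the denial of service the
 * advisory describes. Never call this with input longer than CN_MAX - 1. */
int generate_cert_unsafe(struct cert_req *req, const char *cn)
{
    strcpy(req->common_name, cn);
    return 0;
}

/* Hardened form: bound the length before copying and whitelist the
 * character set, returning an error the handler can map to an HTTP 400.
 * Return codes (assumed): 0 accepted, -1 length out of range, -2 bad character. */
int generate_cert_safe(struct cert_req *req, const char *cn)
{
    /* Bounded scan: never read further than CN_MAX bytes of attacker data. */
    size_t n = 0;
    while (n < CN_MAX && cn[n] != '\0')
        n++;
    if (n == 0 || n >= CN_MAX)
        return -1;  /* empty, or would not leave room for the terminator */

    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)cn[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == '*' || c == ' '))
            return -2;  /* not a character a hostname/CN should contain */
    }

    memcpy(req->common_name, cn, n);
    req->common_name[n] = '\0';
    return 0;
}

/* Wrappers that run one handler on one input and return its verdict. */
int safe_verdict(const char *cn)
{
    struct cert_req req;
    memset(&req, 0, sizeof req);
    return generate_cert_safe(&req, cn);
}

/* Only for inputs shorter than CN_MAX; longer input is the bug itself. */
int unsafe_verdict(const char *cn)
{
    struct cert_req req;
    memset(&req, 0, sizeof req);
    return generate_cert_unsafe(&req, cn);
}

/* Constructed test input: a CN of 200 'A's, far beyond CN_MAX. */
const char *oversized_cn(void)
{
    static char buf[201];
    memset(buf, 'A', 200);
    buf[200] = '\0';
    return buf;
}

int main(void)
{
    printf("safe(\"bmc.example.com\") = %d\n", safe_verdict("bmc.example.com"));
    printf("safe(200 x 'A')          = %d\n", safe_verdict(oversized_cn()));
    printf("safe(\"bmc;reboot\")      = %d\n", safe_verdict("bmc;reboot"));
    return 0;
}
```

The hardened handler rejects the oversized name with -1 instead of copying it, so the request fails cleanly and the web service stays up; the unsafe handler would have written past the buffer. Fixing the copy is necessary but not sufficient on its own: the form value should also be validated again wherever it is later passed to the certificate library or to a shell.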

Remediation

Solution:

  • Update the BMC firmware to the fixed version for your board:
    ESC4000 G4X 1.15.6
    RS700-E9-RS12 1.15.4
    RS100-E10-PI2 1.15.3
    RS300-E10-PS4 1.15.3
    RS300-E10-RS4 1.15.3
    RS500A-E9-PS4 1.14.2
    RS500A-E9-RS4 1.14.2
    RS500A-E9 RS4 U 1.14.2
    E700 G4 1.14.2
    WS C422 PRO/SE 1.14.2
    WS X299 PRO/SE 1.14.2
    Z11PA-U12 1.15.2
    KNPA-U16 1.14.5
    ESC4000 DHD G4 1.15.2
    ESC4000 G4 1.15.6
    RS720Q-E9-RS24-S 1.15.1
    RS720Q-E9-RS8 1.15.1
    RS720Q-E9-RS8-S 1.15.1
    Z11PA-D8 1.15.2
    Z11PA-D8C 1.15.2
    RS720-E9-RS24-U 1.15.5
    RS720-E9-RS8-G 1.15.4
    RS500-E9-PS4 1.15.5
    Pro E800 G4 1.15.2
    RS500-E9-RS4 1.15.5
    RS500-E9-RS4-U 1.15.5
    RS520-E9-RS12-E 1.15.4
    RS520-E9-RS8 1.15.4
    ESC8000 G4 1.15.5
    ESC8000 G4/10G 1.15.5
    RS720-E9-RS12-E 1.15.3
    WS C621E SAGE 1.15.3
    RS500A-E10-PS4 1.15.3
    RS500A-E10-RS4 1.15.3
    RS700A-E9-RS12V2 1.15.3
    RS700A-E9-RS4V2 1.15.3
    RS720A-E9-RS12V2 1.15.3
    RS720A-E9-RS24V2 1.15.3
    Z11PR-D16 1.15.4
  • Some boards listed as affected below (for example ASMB9-iKVM, RS720A-E9-RS24-E, RS700A-E9-RS4, RS700-E9-RS4 and Z11PA-U12/10G-2S) have no fixed version in this list; check the ASUS vendor advisory for those models.
  • Until the update is applied, keep the BMC Web interface reachable only from an isolated management network and limit the number of privileged accounts. Exploitation requires an already-privileged Web session, and the described impact is loss of the Web service (availability), not code execution.

CVSS

Base score: 4.9 (Severity: Medium)
EPSS: 0.66%
Vendor Advisory: asus.com
Affected: ASUS BMC firmware for ASMB9-iKVM
Affected: ASUS BMC firmware for RS720A-E9-RS24-E
Affected: ASUS BMC firmware for RS700A-E9-RS4
Affected: ASUS BMC firmware for RS700-E9-RS4
Affected: ASUS BMC firmware for ESC4000 G4X
Affected: ASUS BMC firmware for RS700-E9-RS12
Affected: ASUS BMC firmware for RS100-E10-PI2
Affected: ASUS BMC firmware for RS300-E10-PS4
Affected: ASUS BMC firmware for RS300-E10-RS4
Affected: ASUS BMC firmware for RS500A-E9-PS4
Affected: ASUS BMC firmware for RS500A-E9-RS4
Affected: ASUS BMC firmware for RS500A-E9 RS4
Affected: ASUS BMC firmware for E700 G4
Affected: ASUS BMC firmware for WS C422 PRO/SE
Affected: ASUS BMC firmware for WS X299 PRO/SE
Affected: ASUS BMC firmware for Z11PA-U12
Affected: ASUS BMC firmware for Z11PA-U12/10G-2S
Affected: ASUS BMC firmware for KNPA-U16
Affected: ASUS BMC firmware for ESC4000 DHD G4
Affected: ASUS BMC firmware for ESC4000 G4
Affected: ASUS BMC firmware for RS720Q-E9-RS24-S
Affected: ASUS BMC firmware for RS720Q-E9-RS8
Affected: ASUS BMC firmware for RS720Q-E9-RS8-S
Affected: ASUS BMC firmware for Z11PA-D8
Affected: ASUS BMC firmware for Z11PA-D8C
Affected: ASUS BMC firmware for RS720-E9-RS24-U
Affected: ASUS BMC firmware for RS720-E9-RS8-G
Affected: ASUS BMC firmware for RS500-E9-PS4
Affected: ASUS BMC firmware for Pro E800 G4
Affected: ASUS BMC firmware for RS500-E9-RS4
Affected: ASUS BMC firmware for RS500-E9-RS4-U
Affected: ASUS BMC firmware for RS520-E9-RS12-E
Affected: ASUS BMC firmware for RS520-E9-RS8
Affected: ASUS BMC firmware for ESC8000 G4
Affected: ASUS BMC firmware for ESC8000 G4/10G
Affected: ASUS BMC firmware for RS720-E9-RS12-E
Affected: ASUS BMC firmware for WS C621E SAGE
Affected: ASUS BMC firmware for RS500A-E10-PS4
Affected: ASUS BMC firmware for RS500A-E10-RS4
Affected: ASUS BMC firmware for RS700A-E9-RS12V2
Affected: ASUS BMC firmware for RS700A-E9-RS4V2
Affected: ASUS BMC firmware for RS720A-E9-RS12V2
Affected: ASUS BMC firmware for RS720A-E9-RS24V2
Affected: ASUS BMC firmware for Z11PR-D16

Frequently Asked Questions

What is the severity of CVE-2021-28196?
CVE-2021-28196 has been scored as a medium severity vulnerability.
How to fix CVE-2021-28196?
To fix CVE-2021-28196, update the BMC firmware to the fixed version for your board given in the Remediation section above (for example ESC4000 G4X 1.15.6, RS700-E9-RS12 1.15.4, Z11PR-D16 1.15.4). Boards that are listed as affected but have no fixed version in that list should be checked against the ASUS vendor advisory.
Is CVE-2021-28196 being actively exploited in the wild?
At the time of writing there is no information confirming that CVE-2021-28196 is being actively exploited. According to its EPSS score (0.66%), there is a probability of roughly 0.7% that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-28196?
CVE-2021-28196 affects the ASUS BMC firmware shipped with the ASMB9-iKVM module and with the ASUS server and workstation boards listed in the Affected section above (the RS, ESC, E700/E800, WS, Z11, KNPA and Pro series models).
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.