Products

Solutions

Company

Book A Live Demo

CVE-2021-28195 : What You Need to Know

Learn about CVE-2021-28195, a buffer overflow vulnerability in ASUS BMC's firmware that allows remote attackers to terminate the web service. Find out impacted systems and versions in this detailed article.

A Buffer overflow vulnerability in ASUS BMC's firmware allows remote attackers to terminate the Web service by manipulating the Radius configuration function.

Understanding CVE-2021-28195

This CVE details a vulnerability in ASUS BMC's firmware that could be exploited by remote attackers to induce buffer overflow.

What is CVE-2021-28195?

The vulnerability in the Radius configuration function of ASUS BMC's firmware allows remote attackers to trigger a buffer overflow, potentially disrupting the web service.

The Impact of CVE-2021-28195

The vulnerability poses a medium-severity risk with a CVSS base score of 4.9, enabling attackers to terminate the web service without proper verification of user inputs.

Technical Details of CVE-2021-28195

The vulnerability affects multiple ASUS BMC firmware versions across various products.

Vulnerability Description

The Radius configuration function lacks proper user input validation, leading to a buffer overflow vulnerability when manipulated by remote attackers.

Affected Systems and Versions

ASUS BMC firmware versions 1.09 to 1.15.6 across different product lines are susceptible to this buffer overflow vulnerability.

Exploitation Mechanism

Remote attackers exploit the lack of string length validation in the Radius configuration function to trigger a buffer overflow, causing abnormal termination of the web service.

Mitigation and Prevention

To address CVE-2021-28195, it is crucial to update the affected BMC firmware versions to the following:

ESC4000 G4X 1.15.6

RS700-E9-RS12 1.15.4

RS100-E10-PI2 1.15.3

RS300-E10-PS4 1.15.3

solutions

Immediate Steps to Take

System administrators should implement the provided firmware updates as soon as possible to mitigate the risk of exploitation by remote attackers.

Long-Term Security Practices

Regularly monitoring and applying security patches to firmware and software components can help prevent similar vulnerabilities in the future.

Patching and Updates

Stay informed about security advisories from ASUS to apply timely patches and updates to prevent potential exploits.

CVE-2021-28195 : What You Need to Know

Understanding CVE-2021-28195

What is CVE-2021-28195?

The Impact of CVE-2021-28195

Technical Details of CVE-2021-28195

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2021-28195 : What You Need to Know

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2021-28195

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2021-28195?

The Impact of CVE-2021-28195

Technical Details of CVE-2021-28195

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2021-28195

What is CVE-2021-28195?

Is your System Free of Underlying Vulnerabilities?
Find Out Now