
CVE-2021-28203 : Security Advisory and Response


This article provides details about CVE-2021-28203, a command injection vulnerability in ASUS BMC firmware, allowing remote attackers to execute arbitrary commands.

Understanding CVE-2021-28203

CVE-2021-28203 is a vulnerability in ASUS BMC firmware that enables remote attackers to launch command injections via the Web Set Media Image function.

What is CVE-2021-28203?

The vulnerability arises from missing filtering of specific parameters in the Web management page of ASUS BMC firmware, which lets an attacker who already holds administrator permission on the BMC execute arbitrary commands.

The Impact of CVE-2021-28203

With a CVSS v3.1 base score of 7.2 (High), the vulnerability has a significant impact on confidentiality, integrity, and availability. Remote attackers can exploit it without user interaction, leading to severe consequences.

Technical Details of CVE-2021-28203

The vulnerability affects multiple ASUS BMC firmware versions, including BMC firmware for Z10PR-D16, ASMB8-iKVM, and Z10PE-D16 WS.

Vulnerability Description

The Web Set Media Image function in ASUS BMC's firmware Web management page lacks specific parameter filtering, enabling remote attackers to trigger command injections.

Affected Systems and Versions

        BMC firmware for Z10PR-D16: Version 1.14.51
        BMC firmware for ASMB8-iKVM: Version 1.14.51
        BMC firmware for Z10PE-D16 WS: Version 1.14.2

Exploitation Mechanism

An attacker who holds administrator privilege on the BMC Web interface can exploit the vulnerability through command injection in the Web Set Media Image function, executing arbitrary commands remotely on the BMC.

Mitigation and Prevention

To address CVE-2021-28203, users should follow immediate steps and implement long-term security practices, along with applying relevant patches and updates.

Immediate Steps to Take

Update ASUS BMC firmware to the following versions:

        Z10PR-D16: Version 1.16.1
        ASMB8-iKVM: Version 1.16.1
        Z10PE-D16 WS: Version 1.16.1

Long-Term Security Practices

Beyond updating the firmware, keep BMC management interfaces on a segmented management network, maintain hardened configurations, and run regular security assessments to reduce the impact of future vulnerabilities.

Patching and Updates

Regularly monitor ASUS security advisories and promptly apply patches and updates to eliminate vulnerabilities.
