CVE-2021-28204

Sažetak

The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary.

Reference

https://www.asus.com/content/ASUS-Product-Security-Advisory/
https://www.asus.com/tw/support/callus/
https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

14-04-2021 - 12:29

Objavljeno

06-04-2021 - 05:15