CVSS: 9.8EPSS: 3%CPEs: 1EXPL: 4CVE-2023-26602 – ASUS ASMB8 iKVM 1.14.51 SNMP Remote Root
https://notcve.org/view.php?id=CVE-2023-26602
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. ASUS ASMB8 iKVM firmware versions 1.14.51 and below suffers from a flaw where SNMPv2 can be used with write access to introduce arbitrary extensions to achieve remote code execution as root. The researchers also discovered a hardcoded administrative account. • https://github.com/D1G17/CVE-2023-26602 http://packetstormsecurity.com/files/171137/ASUS-ASMB8-iKVM-1.14.51-SNMP-Remote-Root.html http://seclists.org/fulldisclosure/2023/Feb/15 https://nwsec.de/NWSSA-002-2023.txt • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28205 – ASUS BMC's firmware: path traversal - Delete SOL video file function
https://notcve.org/view.php?id=CVE-2021-28205
The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files. La función specific en la página de administración Web del firmware de ASUS BMC (Borra la función de archivo de video SOL) no filtra el parámetro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema • https://www.asus.com/content/ASUS-Product-Security-Advisory https://www.asus.com/tw/support/callus https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28204 – ASUS BMC's firmware: command injection - Modify user’s information function
https://notcve.org/view.php?id=CVE-2021-28204
The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. La función specific en la página de administración Web del firmware de ASUS BMC (Modifica la función de información del usuario) no filtra el parámetro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden iniciar una inyección de comandos para ejecutar un comando arbitrario • https://www.asus.com/content/ASUS-Product-Security-Advisory https://www.asus.com/tw/support/callus https://www.twcert.org.tw/tw/cp-132-4574-b61a6-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28203 – ASUS BMC's firmware: command injection - Web Set Media Image function
https://notcve.org/view.php?id=CVE-2021-28203
The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the administrator permission, remote attackers can launch command injection to execute command arbitrary. La función Web Set Media Image en la página de administración Web del firmware de ASUS BMC, no filtra el parámetro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden iniciar una inyección de comandos para ejecutar un comando arbitrario • https://www.asus.com/content/ASUS-Product-Security-Advisory https://www.asus.com/tw/support/callus https://www.twcert.org.tw/tw/cp-132-4573-aa336-1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-28189 – ASUS BMC's firmware: buffer overflow - SMTP configuration function
https://notcve.org/view.php?id=CVE-2021-28189
The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting in a Buffer overflow vulnerability. As obtaining the privileged permission, remote attackers use the leakage to abnormally terminate the Web service. La función de configuration de SMTP en la página de administración Web del firmware de ASUS BMC, no verifica la longitud de la cadena introducida por usuarios, resultando en una vulnerabilidad de desbordamiento del búfer. Al obtener el permiso privilegiado, los atacantes remotos usan la filtración para finalizar anormalmente el servicio Web • https://www.asus.com/content/ASUS-Product-Security-Advisory https://www.asus.com/tw/support/callus https://www.twcert.org.tw/tw/cp-132-4559-ad2b5-1.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •