Asus Asmb8-ikvm Firmware — known CVE vulnerabilities
Every CVE whose affected-product data names Asus Asmb8-ikvm Firmware, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (19)
CVE-2023-26602 — CVSS 9.8 (critical): ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as…
CVE-2021-28204 — CVSS 7.2 (high): The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not filter the specific…
CVE-2021-28203 — CVSS 7.2 (high): The Web Set Media Image function in ASUS BMC’s firmware Web management page does not filter the specific parameter. As obtaining the…
CVE-2021-28178 — CVSS 4.9 (medium): The UEFI configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting…
CVE-2021-28179 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Media support configuration setting) does not verify the string length…
CVE-2021-28180 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Audit log configuration setting) does not verify the string length…
CVE-2021-28181 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Remote video configuration setting) does not verify the string length…
CVE-2021-28182 — CVSS 4.9 (medium): The Web Service configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users…
CVE-2021-28183 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Web License configuration setting) does not verify the string length…
CVE-2021-28175 — CVSS 4.9 (medium): The Radius configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users…
CVE-2021-28185 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-1 acquisition) does not verify the string length…
CVE-2021-28186 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (ActiveX configuration-2 acquisition) does not verify the string length…
CVE-2021-28187 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Generate new SSL certificate) does not verify the string length entered…
CVE-2021-28188 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Modify user’s information function) does not verify the string length…
CVE-2021-28189 — CVSS 4.9 (medium): The SMTP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting…
CVE-2021-28205 — CVSS 4.9 (medium): The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter…
CVE-2021-28184 — CVSS 4.9 (medium): The Active Directory configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by…
CVE-2021-28176 — CVSS 4.9 (medium): The DNS configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting…
CVE-2021-28177 — CVSS 4.9 (medium): The LDAP configuration function in ASUS BMC’s firmware Web management page does not verify the string length entered by users, resulting…