CVE-2021-28206
4.9
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ASUS | BMC firmware for ASMB9-iKVM | 1.11.12 | affected |
| ASUS | BMC firmware for RS720A-E9-RS24-E | 1.10.3 | affected |
| ASUS | BMC firmware for RS700A-E9-RS4 | 1.10.0 | affected |
| ASUS | BMC firmware for RS700-E9-RS4 | 1.09 | affected |
| ASUS | BMC firmware for ESC4000 G4X | 1.11.6 | affected |
| ASUS | BMC firmware for RS700-E9-RS12 | 1.11.5 | affected |
| ASUS | BMC firmware for RS100-E10-PI2 | 1.13.6 | affected |
| ASUS | BMC firmware for RS300-E10-PS4 | 1.13.6 | affected |
| ASUS | BMC firmware for RS300-E10-RS4 | 1.13.6 | affected |
| ASUS | BMC firmware for RS500A-E9-PS4 | 1.14.1 | affected |
| ASUS | BMC firmware for RS500A-E9-RS4 | 1.14.1 | affected |
| ASUS | BMC firmware for RS500A-E9 RS4 | 1.14.1 | affected |
| ASUS | BMC firmware for E700 G4 | 1.14.1 | affected |
| ASUS | BMC firmware for WS C422 PRO/SE | 1.14.1 | affected |
| ASUS | BMC firmware for WS X299 PRO/SE | 1.14.1 | affected |
| ASUS | BMC firmware for Z11PA-U12 | 1.15.1 | affected |
| ASUS | BMC firmware for Z11PA-U12/10G-2S | 1.15.1 | affected |
| ASUS | BMC firmware for KNPA-U16 | 1.13.4 | affected |
| ASUS | BMC firmware for ESC4000 DHD G4 | 1.13.7 | affected |
| ASUS | BMC firmware for ESC4000 G4 | 1.15.2 | affected |
| ASUS | BMC firmware for RS720Q-E9-RS24-S | 1.15.0 | affected |
| ASUS | BMC firmware for RS720Q-E9-RS8 | 1.15.0 | affected |
| ASUS | BMC firmware for RS720Q-E9-RS8-S | 1.15.0 | affected |
| ASUS | BMC firmware for Z11PA-D8 | 1.14.1 | affected |
| ASUS | BMC firmware for Z11PA-D8C | 1.14.1 | affected |
| ASUS | BMC firmware for RS720-E9-RS24-U | 1.14.3 | affected |
| ASUS | BMC firmware for RS720-E9-RS8-G | 1.15.2 | affected |
| ASUS | BMC firmware for RS500-E9-PS4 | 1.15.4 | affected |
| ASUS | BMC firmware for Pro E800 G4 | 1.14.2 | affected |
| ASUS | BMC firmware for RS500-E9-RS4 | 1.15.4 | affected |
| ASUS | BMC firmware for RS500-E9-RS4-U | 1.15.4 | affected |
| ASUS | BMC firmware for RS520-E9-RS12-E | 1.15.3 | affected |
| ASUS | BMC firmware for RS520-E9-RS8 | 1.15.3 | affected |
| ASUS | BMC firmware for ESC8000 G4 | 1.15.4 | affected |
| ASUS | BMC firmware for ESC8000 G4/10G | 1.15.4 | affected |
| ASUS | BMC firmware for RS720-E9-RS12-E | 1.15.2 | affected |
| ASUS | BMC firmware for WS C621E SAGE | 1.15.1 | affected |
| ASUS | BMC firmware for RS500A-E10-PS4 | 1.15.2 | affected |
| ASUS | BMC firmware for RS500A-E10-RS4 | 1.15.2 | affected |
| ASUS | BMC firmware for RS700A-E9-RS12V2 | 1.15.1 | affected |
| ASUS | BMC firmware for RS700A-E9-RS4V2 | 1.15.1 | affected |
| ASUS | BMC firmware for RS720A-E9-RS12V2 | 1.15.2 | affected |
| ASUS | BMC firmware for RS720A-E9-RS24V2 | 1.15.1 | affected |
| ASUS | BMC firmware for Z11PR-D16 | 1.15.3 | affected |
Weaknesses
- CWE-22: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADP Enrichment
CVE Program Container
Additional References
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html
References
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.