TVN ID | TVN-202103034 |
---|---|
CVE ID | CVE-2021-28207 |
CVSS | 4.9 (Medium) CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Affected Products | BMC firmware: ASMB9-iKVM 1.11.12; RS720A-E9-RS24-E 1.10.3; RS700A-E9-RS4 1.10.0; RS700-E9-RS4 1.09; ESC4000 G4X 1.11.6; RS700-E9-RS12 1.11.5; RS100-E10-PI2 1.13.6; RS300-E10-PS4 1.13.6; RS300-E10-RS4 1.13.6; RS500A-E9-PS4 1.14.1; RS500A-E9-RS4 1.14.1; RS500A-E9 RS4 U 1.14.1; E700 G4 1.14.1; WS C422 PRO/SE 1.14.1; WS X299 PRO/SE 1.14.1; Z11PA-U12 1.15.1; Z11PA-U12/10G-2S 1.15.1; KNPA-U16 1.13.4; ESC4000 DHD G4 1.13.7; ESC4000 G4 1.15.2; RS720Q-E9-RS24-S 1.15.0; RS720Q-E9-RS8 1.15.0; RS720Q-E9-RS8-S 1.15.0; Z11PA-D8 1.14.1; Z11PA-D8C 1.14.1; RS720-E9-RS24-U 1.14.3; RS720-E9-RS8-G 1.15.2; RS500-E9-PS4 1.15.4; Pro E800 G4 1.14.2; RS500-E9-RS4 1.15.4; RS500-E9-RS4-U 1.15.4; RS520-E9-RS12-E 1.15.3; RS520-E9-RS8 1.15.3; ESC8000 G4 1.15.4; ESC8000 G4/10G 1.15.4; RS720-E9-RS12-E 1.15.2; WS C621E SAGE 1.15.1; RS500A-E10-PS4 1.15.2; RS500A-E10-RS4 1.15.2; RS700A-E9-RS12V2 1.15.1; RS700A-E9-RS4V2 1.15.1; RS720A-E9-RS12V2 1.15.2; RS720A-E9-RS24V2 1.15.1; Z11PR-D16 1.15.3 |
Description | A specific function in the Web management page of ASUS BMC firmware (the Get Help file function) does not filter a specific parameter. After obtaining administrator permission, remote attackers can use path traversal to access system files. |
Solution | Update the BMC firmware to the following versions: ASMB9-iKVM 1.15.3; RS700-E9-RS4 1.15.4; ESC4000 G4X 1.15.6; RS700-E9-RS12 1.15.4; RS100-E10-PI2 1.15.3; RS300-E10-PS4 1.15.3; RS300-E10-RS4 1.15.3; RS500A-E9-PS4 1.14.2; RS500A-E9-RS4 1.14.2; RS500A-E9 RS4 U 1.14.2; E700 G4 1.14.2; WS C422 PRO/SE 1.14.2; WS X299 PRO/SE 1.14.2; Z11PA-U12 1.15.2; Z11PA-U12/10G-2S 1.15.2; KNPA-U16 1.14.5; ESC4000 DHD G4 1.15.2; ESC4000 G4 1.15.6; RS720Q-E9-RS24-S 1.15.1; RS720Q-E9-RS8 1.15.1; RS720Q-E9-RS8-S 1.15.1; Z11PA-D8 1.15.2; Z11PA-D8C 1.15.2; RS720-E9-RS24-U 1.15.5; RS720-E9-RS8-G 1.15.4; RS500-E9-PS4 1.15.5; Pro E800 G4 1.15.2; RS500-E9-RS4 1.15.5; RS500-E9-RS4-U 1.15.5; RS520-E9-RS12-E 1.15.4; RS520-E9-RS8 1.15.4; ESC8000 G4 1.15.5; ESC8000 G4/10G 1.15.5; RS720-E9-RS12-E 1.15.3; WS C621E SAGE 1.15.3; RS500A-E10-PS4 1.15.3; RS500A-E10-RS4 1.15.3; RS700A-E9-RS12V2 1.15.3; RS700A-E9-RS4V2 1.15.3; RS720A-E9-RS12V2 1.15.3; RS720A-E9-RS24V2 1.15.3; Z11PR-D16 1.15.4 |
Credit | ASUS |
Public Date | 2021-04-06 |