TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

ASUS BMC firmware: path traversal in the Get Help file function

TVN ID: TVN-202103034
CVE ID: CVE-2021-28207
CVSS: 4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products: BMC firmware versions
ASMB9-iKVM 1.11.12
RS720A-E9-RS24-E 1.10.3
RS700A-E9-RS4 1.10.0
RS700-E9-RS4 1.09
ESC4000 G4X 1.11.6
RS700-E9-RS12 1.11.5
RS100-E10-PI2 1.13.6
RS300-E10-PS4 1.13.6
RS300-E10-RS4 1.13.6
RS500A-E9-PS4 1.14.1
RS500A-E9-RS4 1.14.1
RS500A-E9 RS4 U 1.14.1
E700 G4 1.14.1
WS C422 PRO/SE 1.14.1
WS X299 PRO/SE 1.14.1
Z11PA-U12 1.15.1
Z11PA-U12/10G-2S 1.15.1
KNPA-U16 1.13.4
ESC4000 DHD G4 1.13.7
ESC4000 G4 1.15.2
RS720Q-E9-RS24-S 1.15.0
RS720Q-E9-RS8 1.15.0
RS720Q-E9-RS8-S 1.15.0
Z11PA-D8 1.14.1
Z11PA-D8C 1.14.1
RS720-E9-RS24-U 1.14.3
RS720-E9-RS8-G 1.15.2
RS500-E9-PS4 1.15.4
Pro E800 G4 1.14.2
RS500-E9-RS4 1.15.4
RS500-E9-RS4-U 1.15.4
RS520-E9-RS12-E 1.15.3
RS520-E9-RS8 1.15.3
ESC8000 G4 1.15.4
ESC8000 G4/10G 1.15.4
RS720-E9-RS12-E 1.15.2
WS C621E SAGE 1.15.1
RS500A-E10-PS4 1.15.2
RS500A-E10-RS4 1.15.2
RS700A-E9-RS12V2 1.15.1
RS700A-E9-RS4V2 1.15.1
RS720A-E9-RS12V2 1.15.2
RS720A-E9-RS24V2 1.15.1
Z11PR-D16 1.15.3
Description: The Get Help file function in the web management interface of ASUS BMC firmware does not validate a specific request parameter. A remote attacker who has already obtained administrator privileges on the BMC can use path traversal sequences in that parameter to read arbitrary files on the BMC's file system (confidentiality impact only; the CVSS vector above reflects that high privileges are required).
Solution: Update the BMC firmware to the following versions:
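The flaw described above is the classic pattern of a CGI handler appending a request parameter to a fixed help directory without checking it. The following is an added illustration, not code from the ASUS firmware or from TWCERT/CC: the help directory name, the function names and the parameter values are all assumed for the example. It shows the unsafe concatenation beside a hardened builder that rejects absolute paths and unexpected characters, lexically resolves "." and ".." components, and refuses any result that would climb above the help directory.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical help-file directory on the BMC; not taken from the advisory. */
#define HELP_ROOT "/usr/local/www/help"

/* Vulnerable pattern: the request parameter is appended to the help
 * directory unchanged, so a name such as "../../etc/passwd" escapes it.
 * Returns 0 on success, -1 if the buffer is too small. */
int build_help_path_unsafe(const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", HELP_ROOT, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Hardened builder. Rejects empty or absolute names and any character
 * outside a conservative allowlist, then walks the name component by
 * component: "." is dropped, ".." pops one component but may never pop
 * past HELP_ROOT. Returns 0 and fills out on success, -1 on rejection. */
int build_help_path_safe(const char *name, char *out, size_t outlen)
{
    const char *p;
    size_t rootlen = strlen(HELP_ROOT);
    size_t len;
    const char *seg;

    if (name == NULL || *name == '\0' || *name == '/')
        return -1;
    for (p = name; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-' || c == '/'))
            return -1;          /* also blocks '%', so no encoded tricks */
    }
    if (rootlen + 1 >= outlen)
        return -1;
    memcpy(out, HELP_ROOT, rootlen);
    len = rootlen;

    for (seg = name; *seg; ) {
        const char *end = strchr(seg, '/');
        size_t seglen = end ? (size_t)(end - seg) : strlen(seg);

        if (seglen == 0 || (seglen == 1 && seg[0] == '.')) {
            /* empty component ("a//b") or ".": nothing to add */
        } else if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == rootlen)
                return -1;      /* would climb above HELP_ROOT */
            while (len > rootlen && out[len - 1] != '/')
                len--;
            len--;              /* drop the separator as well */
        } else {
            if (len + 1 + seglen >= outlen)
                return -1;
            out[len++] = '/';
            memcpy(out + len, seg, seglen);
            len += seglen;
        }
        seg = end ? end + 1 : seg + seglen;
    }
    if (len == rootlen)
        return -1;              /* name resolved to the directory itself */
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample parameter values, as an attacker might send them. */
    const char *samples[] = { "index.html", "sub/../page.html",
                              "../../etc/passwd", "/etc/passwd", "a%2e%2e/b" };
    char buf[256];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        build_help_path_unsafe(samples[i], buf, sizeof buf);
        printf("unsafe %-18s -> %s\n", samples[i], buf);
        if (build_help_path_safe(samples[i], buf, sizeof buf) == 0)
            printf("safe   %-18s -> %s\n", samples[i], buf);
        else
            printf("safe   %-18s -> rejected\n", samples[i]);
    }
    return 0;
}
```

The lexical check assumes the web server has already URL-decoded the parameter once; because '%' is not in the allowlist, a doubly-encoded ".." is rejected rather than silently decoded later. On a real BMC the handler should additionally open the file relative to the help directory (or confirm with realpath(3) that the opened path still starts with HELP_ROOT) so that symbolic links inside the directory cannot point outside it.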
ASMB9-iKVM 1.15.3
RS700-E9-RS4 1.15.4
ESC4000 G4X 1.15.6
RS700-E9-RS12 1.15.4
RS100-E10-PI2 1.15.3
RS300-E10-PS4 1.15.3
RS300-E10-RS4 1.15.3
RS500A-E9-PS4 1.14.2
RS500A-E9-RS4 1.14.2
RS500A-E9 RS4 U 1.14.2
E700 G4 1.14.2
WS C422 PRO/SE 1.14.2
WS X299 PRO/SE 1.14.2
Z11PA-U12 1.15.2
Z11PA-U12/10G-2S 1.15.2
KNPA-U16 1.14.5
ESC4000 DHD G4 1.15.2
ESC4000 G4 1.15.6
RS720Q-E9-RS24-S 1.15.1
RS720Q-E9-RS8 1.15.1
RS720Q-E9-RS8-S 1.15.1
Z11PA-D8 1.15.2
Z11PA-D8C 1.15.2
RS720-E9-RS24-U 1.15.5
RS720-E9-RS8-G 1.15.4
RS500-E9-PS4 1.15.5
Pro E800 G4 1.15.2
RS500-E9-RS4 1.15.5
RS500-E9-RS4-U 1.15.5
RS520-E9-RS12-E 1.15.4
RS520-E9-RS8 1.15.4
ESC8000 G4 1.15.5
ESC8000 G4/10G 1.15.5
RS720-E9-RS12-E 1.15.3
WS C621E SAGE 1.15.3
RS500A-E10-PS4 1.15.3
RS500A-E10-RS4 1.15.3
RS700A-E9-RS12V2 1.15.3
RS700A-E9-RS4V2 1.15.3
RS720A-E9-RS12V2 1.15.3
RS720A-E9-RS24V2 1.15.3
Z11PR-D16 1.15.4
Credit: ASUS
Public Date: 2021-04-06