TWCERT/CC Taiwan Computer Emergency Response Team/Coordination Center

ASUS BMC firmware: path traversal in the Get video file function

TVN ID: TVN-202103035
CVE ID: CVE-2021-28208
CVSS: 4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products (BMC firmware versions):
ASMB9-iKVM 1.11.12
RS720A-E9-RS24-E 1.10.3
RS700A-E9-RS4 1.10.0
RS700-E9-RS4 1.09
ESC4000 G4X 1.11.6
RS700-E9-RS12 1.11.5
RS100-E10-PI2 1.13.6
RS300-E10-PS4 1.13.6
RS300-E10-RS4 1.13.6
RS500A-E9-PS4 1.14.1
RS500A-E9-RS4 1.14.1
RS500A-E9 RS4 U 1.14.1
E700 G4 1.14.1
WS C422 PRO/SE 1.14.1
WS X299 PRO/SE 1.14.1
Z11PA-U12 1.15.1
Z11PA-U12/10G-2S 1.15.1
KNPA-U16 1.13.4
ESC4000 DHD G4 1.13.7
ESC4000 G4 1.15.2
RS720Q-E9-RS24-S 1.15.0
RS720Q-E9-RS8 1.15.0
RS720Q-E9-RS8-S 1.15.0
Z11PA-D8 1.14.1
Z11PA-D8C 1.14.1
RS720-E9-RS24-U 1.14.3
RS720-E9-RS8-G 1.15.2
RS500-E9-PS4 1.15.4
Pro E800 G4 1.14.2
RS500-E9-RS4 1.15.4
RS500-E9-RS4-U 1.15.4
RS520-E9-RS12-E 1.15.3
RS520-E9-RS8 1.15.3
ESC8000 G4 1.15.4
ESC8000 G4/10G 1.15.4
RS720-E9-RS12-E 1.15.2
WS C621E SAGE 1.15.1
RS500A-E10-PS4 1.15.2
RS500A-E10-RS4 1.15.2
RS700A-E9-RS12V2 1.15.1
RS700A-E9-RS4V2 1.15.1
RS720A-E9-RS12V2 1.15.2
RS720A-E9-RS24V2 1.15.1
Z11PR-D16 1.15.3
Description: The Get video file function in the web management page of ASUS BMC firmware does not filter its file-name parameter. After obtaining administrator privileges, a remote attacker can use path traversal through this parameter to read system files.
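As an added illustration, not ASUS's code and not taken from the advisory, the following Python places the unfiltered-parameter pattern the description refers to beside a hardened file-name check for a video download handler; the storage directory and the extension allow-list are assumptions.

```python
import posixpath
from typing import Optional

# Assumed storage directory for recorded KVM video; the real path is not given in the advisory.
VIDEO_DIR = "/var/video"
ALLOWED_EXT = (".avi", ".mp4")  # assumed allow-list of servable extensions


def unsafe_video_path(filename: str) -> str:
    """The weak pattern: the request parameter is joined to the base directory
    without any filtering, so '..' segments walk out of VIDEO_DIR."""
    return posixpath.join(VIDEO_DIR, filename)


def safe_video_path(filename: str) -> Optional[str]:
    """Return the absolute path of a video under VIDEO_DIR, or None to refuse the request.

    The web server has already URL-decoded the parameter by the time this runs,
    so every check operates on the decoded name."""
    # Empty names and embedded NUL bytes are never valid file names.
    if not filename or "\x00" in filename:
        return None
    # A video name has no directory part at all; any separator is refused outright.
    if "/" in filename or "\\" in filename:
        return None
    if filename in (".", ".."):
        return None
    # Only known video extensions may be served; no other file type is reachable.
    if posixpath.splitext(filename)[1].lower() not in ALLOWED_EXT:
        return None
    # Defence in depth: canonicalise and prove the result is still inside VIDEO_DIR.
    candidate = posixpath.normpath(posixpath.join(VIDEO_DIR, filename))
    if posixpath.commonpath([VIDEO_DIR, candidate]) != VIDEO_DIR:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: one legitimate name and two that must be refused.
    for name in ("session-01.avi", "../../etc/passwd", "notes.txt"):
        print(repr(name), "->", safe_video_path(name))
```

Refusing any separator, rather than trying to strip `..` segments, keeps the check simple and avoids the encoding and normalisation corner cases that sanitising approaches tend to miss.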
Solution: update the BMC firmware to the following versions:
ASMB9-iKVM 1.15.3
RS700-E9-RS4 1.15.4
ESC4000 G4X 1.15.6
RS700-E9-RS12 1.15.4
RS100-E10-PI2 1.15.3
RS300-E10-PS4 1.15.3
RS300-E10-RS4 1.15.3
RS500A-E9-PS4 1.14.2
RS500A-E9-RS4 1.14.2
RS500A-E9 RS4 U 1.14.2
E700 G4 1.14.2
WS C422 PRO/SE 1.14.2
WS X299 PRO/SE 1.14.2
Z11PA-U12 1.15.2
Z11PA-U12/10G-2S 1.15.2
KNPA-U16 1.14.5
ESC4000 DHD G4 1.15.2
ESC4000 G4 1.15.6
RS720Q-E9-RS24-S 1.15.1
RS720Q-E9-RS8 1.15.1
RS720Q-E9-RS8-S 1.15.1
Z11PA-D8 1.15.2
Z11PA-D8C 1.15.2
RS720-E9-RS24-U 1.15.5
RS720-E9-RS8-G 1.15.4
RS500-E9-PS4 1.15.5
Pro E800 G4 1.15.2
RS500-E9-RS4 1.15.5
RS500-E9-RS4-U 1.15.5
RS520-E9-RS12-E 1.15.4
RS520-E9-RS8 1.15.4
ESC8000 G4 1.15.5
ESC8000 G4/10G 1.15.5
RS720-E9-RS12-E 1.15.3
WS C621E SAGE 1.15.3
RS500A-E10-PS4 1.15.3
RS500A-E10-RS4 1.15.3
RS700A-E9-RS12V2 1.15.3
RS700A-E9-RS4V2 1.15.3
RS720A-E9-RS12V2 1.15.3
RS720A-E9-RS24V2 1.15.3
Z11PR-D16 1.15.4
Credit: ASUS
Public Date: 2021-04-06