CWE
22
Advisory Published
Updated

CVE-2021-28208: ASUS BMC's firmware: path traversal - Get video file function

First published: Tue Apr 06 2021(Updated: )

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Credit: twcert@cert.org.tw

Affected SoftwareAffected VersionHow to fix
Asus Asmb9-ikvm Firmware=1.11.12
Asus Asmb9-ikvm
Asus Rs720a-e9-rs24-e Firmware=1.10.3
Asus Rs720a-e9-rs24-e
Asus Rs700a-e9-rs4 Firmware=1.10.0
Asus Rs700a-e9-rs4
Asus Rs700-e9-rs4 Firmware=1.09
Asus Rs700-e9-rs4
Asus Esc4000 G4x Firmware=1.11.6
Asus Esc4000 G4x
Asus Rs700-e9-rs12 Firmware=1.11.5
Asus Rs700-e9-rs12
Asus Rs100-e10-pi2 Firmware=1.13.6
Asus Rs100-e10-pi2
Asus Rs300-e10-ps4 Firmware=1.13.6
Asus Rs300-e10-ps4
Asus Rs300-e10-rs4 Firmware=1.13.6
Asus Rs300-e10-rs4
Asus Rs500a-e9-ps4 Firmware=1.14.1
Asus Rs500a-e9-ps4
Asus Rs500a-e9-rs4 Firmware=1.14.1
Asus Rs500a-e9-rs4
Asus Rs500a-e9 Rs4 U Firmware=1.14.1
Asus Rs500a-e9 Rs4 U
Asus E700 G4 Firmware=1.14.1
Asus E700 G4
Asus Ws C422 Pro\/se Firmware=1.14.1
Asus Ws C422 Pro\/se
Asus Ws X299 Pro\/se Firmware=1.14.1
Asus Ws X299 Pro\/se
Asus Z11pa-u12 Firmware=1.15.1
Asus Z11pa-u12
Asus Z11pa-u12\/10g-2s Firmware=1.15.1
Asus Z11pa-u12\/10g-2s
Asus Knpa-u16 Firmware=1.13.4
Asus Knpa-u16
Asus Esc4000 Dhd G4 Firmware=1.13.7
Asus Esc4000 Dhd G4
Asus Esc4000 G4 Firmware=1.15.2
Asus Esc4000 G4
Asus Rs720q-e9-rs24-s Firmware=1.15.0
Asus Rs720q-e9-rs24-s
Asus Rs720q-e9-rs8 Firmware=1.15.0
Asus Rs720q-e9-rs8
Asus Rs720q-e9-rs8-s Firmware=1.15.0
Asus Rs720q-e9-rs8-s
Asus Z11pa-d8 Firmware=1.14.1
Asus Z11pa-d8
Asus Z11pa-d8c Firmware=1.14.1
Asus Z11pa-d8c
Asus Rs720-e9-rs24-u Firmware=1.14.3
Asus Rs720-e9-rs24-u
Asus Rs720-e9-rs8-g Firmware=1.15.2
Asus Rs720-e9-rs8-g
Asus Rs500-e9-ps4 Firmware=1.15.4
Asus Rs500-e9-ps4
Asus Pro E800 G4 Firmware=1.14.2
Asus Pro E800 G4
Asus Rs500-e9-rs4 Firmware=1.15.4
Asus Rs500-e9-rs4
Asus Rs500-e9-rs4-u Firmware=1.15.4
Asus Rs500-e9-rs4-u
Asus Rs520-e9-rs12-e Firmware=1.15.3
Asus Rs520-e9-rs12-e
Asus Rs520-e9-rs8 Firmware=1.15.3
Asus Rs520-e9-rs8
Asus Esc8000 G4 Firmware=1.15.4
Asus Esc8000 G4
Asus Esc8000 G4\/10g Firmware=1.15.4
Asus Esc8000 G4\/10g
Asus Rs720-e9-rs12-e Firmware=1.15.2
Asus Rs720-e9-rs12-e
Asus Ws C621e Sage Firmware=1.15.1
Asus Ws C621e Sage
Asus Rs500a-e10-ps4 Firmware=1.15.2
Asus Rs500a-e10-ps4
Asus Rs500a-e10-rs4 Firmware=1.15.2
Asus Rs500a-e10-rs4
Asus Rs700a-e9-rs12v2 Firmware=1.15.1
Asus Rs700a-e9-rs12v2
Asus Rs700a-e9-rs4v2 Firmware=1.15.1
Asus Rs700a-e9-rs4v2
Asus Rs720a-e9-rs12v2 Firmware=1.15.2
Asus Rs720a-e9-rs12v2
Asus Rs720a-e9-rs24v2 Firmware=1.15.1
Asus Rs720a-e9-rs24v2
Asus Z11pr-d16 Firmware=1.15.3
Asus Z11pr-d16

Remedy

update BMC's firmwares to the following versions: ESC4000 G4X 1.15.6 RS700-E9-RS12 1.15.4 RS100-E10-PI2 1.15.3 RS300-E10-PS4 1.15.3 RS300-E10-RS4 1.15.3 RS500A-E9-PS4 1.14.2 RS500A-E9-RS4 1.14.2 RS500A-E9 RS4 U 1.14.2 E700 G4 1.14.2 WS C422 PRO/SE 1.14.2 WS X299 PRO/SE 1.14.2 Z11PA-U12 1.15.2 KNPA-U16 1.14.5 ESC4000 DHD G4 1.15.2 ESC4000 G4 1.15.6 RS720Q-E9-RS24-S 1.15.1 RS720Q-E9-RS8 1.15.1 RS720Q-E9-RS8-S 1.15.1 Z11PA-D8 1.15.2 Z11PA-D8C 1.15.2 RS720-E9-RS24-U 1.15.5 RS720-E9-RS8-G 1.15.4 RS500-E9-PS4 1.15.5 Pro E800 G4 1.15.2 RS500-E9-RS4 1.15.5 RS500-E9-RS4-U 1.15.5 RS520-E9-RS12-E 1.15.4 RS520-E9-RS8 1.15.4 ESC8000 G4 1.15.5 ESC8000 G4/10G 1.15.5 RS720-E9-RS12-E 1.15.3 WS C621E SAGE 1.15.3 RS500A-E10-PS4 1.15.3 RS500A-E10-RS4 1.15.3 RS700A-E9-RS12V2 1.15.3 RS700A-E9-RS4V2 1.15.3 RS720A-E9-RS12V2 1.15.3 RS720A-E9-RS24V2 1.15.3 Z11PR-D16 1.15.4

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203