CVE-2021-28209

EPSS 0.5%
Veröffentlicht 06.04.2021 05:15:17
Zuletzt bearbeitet 21.11.2024 05:59:22
Quelle twcert@cert.org.tw
Teams Watchlist Login
Unerledigt Login

The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Asus ≫ Asmb9-ikvm Firmware Version1.11.12

Asus ≫ Asmb9-ikvm Version-

Asus ≫ Rs720a-e9-rs24-e Firmware Version1.10.3

Asus ≫ Rs720a-e9-rs24-e Version-

Asus ≫ Rs700a-e9-rs4 Firmware Version1.10.0

Asus ≫ Rs700a-e9-rs4 Version-

Asus ≫ Rs700-e9-rs4 Firmware Version1.09

Asus ≫ Rs700-e9-rs4 Version-

Asus ≫ Esc4000 G4x Firmware Version1.11.6

Asus ≫ Esc4000 G4x Version-

Asus ≫ Rs700-e9-rs12 Firmware Version1.11.5

Asus ≫ Rs700-e9-rs12 Version-

Asus ≫ Rs100-e10-pi2 Firmware Version1.13.6

Asus ≫ Rs100-e10-pi2 Version-

Asus ≫ Rs300-e10-ps4 Firmware Version1.13.6

Asus ≫ Rs300-e10-ps4 Version-

Asus ≫ Rs300-e10-rs4 Firmware Version1.13.6

Asus ≫ Rs300-e10-rs4 Version-

Asus ≫ Rs500a-e9-ps4 Firmware Version1.14.1

Asus ≫ Rs500a-e9-ps4 Version-

Asus ≫ Rs500a-e9-rs4 Firmware Version1.14.1

Asus ≫ Rs500a-e9-rs4 Version-

Asus ≫ Rs500a-e9 Rs4 U Firmware Version1.14.1

Asus ≫ Rs500a-e9 Rs4 U Version-

Asus ≫ E700 G4 Firmware Version1.14.1

Asus ≫ E700 G4 Version-

Asus ≫ Ws C422 Pro/se Firmware Version1.14.1

Asus ≫ Ws C422 Pro/se Version-

Asus ≫ Ws X299 Pro/se Firmware Version1.14.1

Asus ≫ Ws X299 Pro/se Version-

Asus ≫ Z11pa-u12 Firmware Version1.15.1

Asus ≫ Z11pa-u12 Version-

Asus ≫ Z11pa-u12/10g-2s Firmware Version1.15.1

Asus ≫ Z11pa-u12/10g-2s Version-

Asus ≫ Knpa-u16 Firmware Version1.13.4

Asus ≫ Knpa-u16 Version-

Asus ≫ Esc4000 Dhd G4 Firmware Version1.13.7

Asus ≫ Esc4000 Dhd G4 Version-

Asus ≫ Esc4000 G4 Firmware Version1.15.2

Asus ≫ Esc4000 G4 Version-

Asus ≫ Rs720q-e9-rs24-s Firmware Version1.15.0

Asus ≫ Rs720q-e9-rs24-s Version-

Asus ≫ Rs720q-e9-rs8 Firmware Version1.15.0

Asus ≫ Rs720q-e9-rs8 Version-

Asus ≫ Rs720q-e9-rs8-s Firmware Version1.15.0

Asus ≫ Rs720q-e9-rs8-s Version-

Asus ≫ Z11pa-d8 Firmware Version1.14.1

Asus ≫ Z11pa-d8 Version-

Asus ≫ Z11pa-d8c Firmware Version1.14.1

Asus ≫ Z11pa-d8c Version-

Asus ≫ Rs720-e9-rs24-u Firmware Version1.14.3

Asus ≫ Rs720-e9-rs24-u Version-

Asus ≫ Rs720-e9-rs8-g Firmware Version1.15.2

Asus ≫ Rs720-e9-rs8-g Version-

Asus ≫ Rs500-e9-ps4 Firmware Version1.15.4

Asus ≫ Rs500-e9-ps4 Version-

Asus ≫ Pro E800 G4 Firmware Version1.14.2

Asus ≫ Pro E800 G4 Version-

Asus ≫ Rs500-e9-rs4 Firmware Version1.15.4

Asus ≫ Rs500-e9-rs4 Version-

Asus ≫ Rs500-e9-rs4-u Firmware Version1.15.4

Asus ≫ Rs500-e9-rs4-u Version-

Asus ≫ Rs520-e9-rs12-e Firmware Version1.15.3

Asus ≫ Rs520-e9-rs12-e Version-

Asus ≫ Rs520-e9-rs8 Firmware Version1.15.3

Asus ≫ Rs520-e9-rs8 Version-

Asus ≫ Esc8000 G4 Firmware Version1.15.4

Asus ≫ Esc8000 G4 Version-

Asus ≫ Esc8000 G4/10g Firmware Version1.15.4

Asus ≫ Esc8000 G4/10g Version-

Asus ≫ Rs720-e9-rs12-e Firmware Version1.15.2

Asus ≫ Rs720-e9-rs12-e Version-

Asus ≫ Ws C621e Sage Firmware Version1.15.1

Asus ≫ Ws C621e Sage Version-

Asus ≫ Rs500a-e10-ps4 Firmware Version1.15.2

Asus ≫ Rs500a-e10-ps4 Version-

Asus ≫ Rs500a-e10-rs4 Firmware Version1.15.2

Asus ≫ Rs500a-e10-rs4 Version-

Asus ≫ Rs700a-e9-rs12v2 Firmware Version1.15.1

Asus ≫ Rs700a-e9-rs12v2 Version-

Asus ≫ Rs700a-e9-rs4v2 Firmware Version1.15.1

Asus ≫ Rs700a-e9-rs4v2 Version-

Asus ≫ Rs720a-e9-rs12v2 Firmware Version1.15.2

Asus ≫ Rs720a-e9-rs12v2 Version-

Asus ≫ Rs720a-e9-rs24v2 Firmware Version1.15.1

Asus ≫ Rs720a-e9-rs24v2 Version-

Asus ≫ Z11pr-d16 Firmware Version1.15.3

Asus ≫ Z11pr-d16 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.5%	0.632

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	6.8	8	6.9	AV:N/AC:L/Au:S/C:C/I:N/A:N
twcert@cert.org.tw	4.9	1.2	3.6	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://www.asus.com/content/ASUS-Product-Security-Advisory/

Vendor Advisory

https://www.asus.com/tw/support/callus/

Vendor Advisory

https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2021-28209

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-28209

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-28209

EUVD