CVE-2021-28205 - OpenCVE

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Z10pr-d16 Asmb8-ikvm Z10pe-d16 Ws Firmware Z10pe-d16 Ws Z10pr-d16 Firmware Asmb8-ikvm Firmware

Configuration 1 [-]

AND

cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*

cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*

cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.asus.com/content/ASUS-Product-Security-Advisory/	Vendor Advisory
https://www.asus.com/tw/support/callus/	Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: twcert

Published: 2021-04-06T00:00:00

Updated: 2021-04-06T05:02:22

Reserved: 2021-03-12T00:00:00

Link: CVE-2021-28205

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-04-06T05:15:17.143

Modified: 2021-04-14T12:48:37.140

Link: CVE-2021-28205

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "BMC firmware for Z10PR-D16", "vendor": "ASUS", "versions": [{"status": "affected", "version": "1.14.51"}]}, {"product": "BMC firmware for ASMB8-iKVM", "vendor": "ASUS", "versions": [{"status": "affected", "version": "1.14.51"}]}, {"product": "BMC firmware for Z10PE-D16 WS", "vendor": "ASUS", "versions": [{"status": "affected", "version": "1.14.2"}]}], "datePublic": "2021-04-06T00:00:00", "descriptions": [{"lang": "en", "value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-04-06T05:02:22", "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "shortName": "twcert"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.asus.com/tw/support/callus/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"}], "solutions": [{"lang": "en", "value": "update BMC's firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"}], "source": {"advisory": "TVN-202103032", "discovery": "EXTERNAL"}, "title": "ASUS BMC's firmware: path traversal - Delete SOL video file function", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"AKA": "TWCERT/CC", "ASSIGNER": "cve@cert.org.tw", "DATE_PUBLIC": "2021-04-06T02:48:00.000Z", "ID": "CVE-2021-28205", "STATE": "PUBLIC", "TITLE": "ASUS BMC's firmware: path traversal - Delete SOL video file function"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BMC firmware for Z10PR-D16", "version": {"version_data": [{"version_affected": "=", "version_value": "1.14.51"}]}}, {"product_name": "BMC firmware for ASMB8-iKVM", "version": {"version_data": [{"version_affected": "=", "version_value": "1.14.51"}]}}, {"product_name": "BMC firmware for Z10PE-D16 WS", "version": {"version_data": [{"version_affected": "=", "version_value": "1.14.2"}]}}]}, "vendor_name": "ASUS"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}]}, "references": {"reference_data": [{"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/", "refsource": "MISC", "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"name": "https://www.asus.com/tw/support/callus/", "refsource": "MISC", "url": "https://www.asus.com/tw/support/callus/"}, {"name": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html", "refsource": "MISC", "url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"}]}, "solution": [{"lang": "en", "value": "update BMC's firmwares to the following versions:\nZ10PR-D16 1.16.1\nASMB8-iKVM 1.16.1\nZ10PE-D16 WS 1.16.1"}], "source": {"advisory": "TVN-202103032", "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e", "assignerShortName": "twcert", "cveId": "CVE-2021-28205", "datePublished": "2021-04-06T00:00:00", "dateReserved": "2021-03-12T00:00:00", "dateUpdated": "2021-04-06T05:02:22", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*", "matchCriteriaId": "F38D0E80-BD62-46A7-B1CD-6C7045FF7F79", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*", "matchCriteriaId": "A340A0CE-8BD2-420A-814B-5585C08A4CCB", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*", "matchCriteriaId": "4D98B9CE-6675-48A4-98A3-6E5DA19A2480", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*", "matchCriteriaId": "1A2F069D-18EE-49A3-A8EB-3C745425BFFE", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B5DB0A7-B863-4AFF-BEB6-6958F921C016", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*", "matchCriteriaId": "51F61A82-6BBE-4758-9789-7CE6FCB9E20D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."}, {"lang": "es", "value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Borra la funci\u00f3n de archivo de video SOL) no filtra el par\u00e1metro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema"}], "id": "CVE-2021-28205", "lastModified": "2021-04-14T12:48:37.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "twcert@cert.org.tw", "type": "Secondary"}]}, "published": "2021-04-06T05:15:17.143", "references": [{"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"}, {"source": "twcert@cert.org.tw", "tags": ["Vendor Advisory"], "url": "https://www.asus.com/tw/support/callus/"}, {"source": "twcert@cert.org.tw", "tags": ["Third Party Advisory"], "url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html"}], "sourceIdentifier": "twcert@cert.org.tw", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "twcert@cert.org.tw", "type": "Secondary"}]}