CVE-2021-28206 - OpenCVE

The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Rs700a-e9-rs4v2 E700 G4 Firmware Esc4000 G4 Firmware Rs500-e9-rs4 Rs700a-e9-rs4v2 Firmware Rs520-e9-rs12-e Z11pa-d8 Firmware Rs500a-e9 Rs4 U Rs700a-e9-rs4 Firmware Rs500-e9-ps4 Firmware Rs520-e9-rs12-e Firmware Rs720-e9-rs24-u Rs720-e9-rs12-e Firmware Rs720-e9-rs8-g Firmware Asmb9-ikvm Firmware Rs720q-e9-rs8 Rs720q-e9-rs8-s Firmware Ws X299 Pro\/se Rs720a-e9-rs24-e Rs720q-e9-rs8-s Rs720q-e9-rs24-s Rs500a-e9-rs4 Rs720-e9-rs24-u Firmware Ws C422 Pro\/se Firmware Z11pr-d16 Esc4000 Dhd G4 Firmware Rs500-e9-ps4 Ws C422 Pro\/se Rs720a-e9-rs12v2 Firmware Z11pa-u12 Rs700a-e9-rs12v2 Pro E800 G4 E700 G4 Ws C621e Sage Firmware Rs500a-e10-rs4 Knpa-u16 Rs500a-e9-ps4 Rs720a-e9-rs12v2 Rs500a-e10-ps4 Firmware Rs720-e9-rs8-g Rs500a-e10-rs4 Firmware Z11pa-u12\/10g-2s Rs520-e9-rs8 Firmware Rs520-e9-rs8 Rs720a-e9-rs24v2 Firmware Z11pa-u12\/10g-2s Firmware Esc8000 G4\/10g Rs720-e9-rs12-e Rs500-e9-rs4-u Rs700-e9-rs4 Firmware Rs700a-e9-rs12v2 Firmware Rs500-e9-rs4 Firmware Esc8000 G4 Esc4000 G4 Rs720q-e9-rs8 Firmware Z11pr-d16 Firmware Rs500a-e9-rs4 Firmware Esc4000 G4x Esc4000 Dhd G4 Z11pa-d8 Rs300-e10-rs4 Firmware Ws C621e Sage Esc4000 G4x Firmware Rs300-e10-ps4 Firmware Rs100-e10-pi2 Firmware Z11pa-u12 Firmware Rs300-e10-rs4 Asmb9-ikvm Rs720a-e9-rs24v2 Rs500a-e9 Rs4 U Firmware Rs720a-e9-rs24-e Firmware Esc8000 G4 Firmware Rs720q-e9-rs24-s Firmware Rs700-e9-rs12 Firmware Knpa-u16 Firmware Rs500a-e9-ps4 Firmware Ws X299 Pro\/se Firmware Rs500-e9-rs4-u Firmware Rs700-e9-rs12 Z11pa-d8c Firmware Pro E800 G4 Firmware Rs700-e9-rs4 Z11pa-d8c Rs300-e10-ps4 Esc8000 G4\/10g Firmware Rs500a-e10-ps4 Rs100-e10-pi2 Rs700a-e9-rs4

Configuration 1 [-]

AND

cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*

cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*

cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*

Configuration 11 [-]

AND

cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*

Configuration 12 [-]

AND

cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*

Configuration 13 [-]

AND

cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*

Configuration 14 [-]

AND

cpe:2.3:o:asus:ws_c422_pro\/se_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:ws_c422_pro\/se:-:*:*:*:*:*:*:*

Configuration 15 [-]

AND

cpe:2.3:o:asus:ws_x299_pro\/se_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:ws_x299_pro\/se:-:*:*:*:*:*:*:*

Configuration 16 [-]

AND

cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*

Configuration 17 [-]

AND

cpe:2.3:o:asus:z11pa-u12\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:z11pa-u12\/10g-2s:-:*:*:*:*:*:*:*

Configuration 18 [-]

AND

cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*

cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*

Configuration 19 [-]

AND

cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*

cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*

Configuration 20 [-]

AND

cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*

Configuration 21 [-]

AND

cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*

Configuration 22 [-]

AND

cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*

Configuration 23 [-]

AND

cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*

Configuration 24 [-]

AND

cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*

Configuration 25 [-]

AND

cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*

Configuration 26 [-]

AND

cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*

Configuration 27 [-]

AND

cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*

Configuration 28 [-]

AND

cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*

Configuration 29 [-]

AND

cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*

Configuration 30 [-]

AND

cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*

Configuration 31 [-]

AND

cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*

Configuration 32 [-]

AND

cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*

Configuration 33 [-]

AND

cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*

Configuration 34 [-]

AND

cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*

cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*

Configuration 35 [-]

AND

cpe:2.3:o:asus:esc8000_g4\/10g_firmware:1.15.4:*:*:*:*:*:*:*

cpe:2.3:h:asus:esc8000_g4\/10g:-:*:*:*:*:*:*:*

Configuration 36 [-]

AND

cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*

Configuration 37 [-]

AND

cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*

Configuration 38 [-]

AND

cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*

Configuration 39 [-]

AND

cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*

Configuration 40 [-]

AND

cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*

Configuration 41 [-]

AND

cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*

Configuration 42 [-]

AND

cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*

Configuration 43 [-]

AND

cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*

cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*

Configuration 44 [-]

AND

cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*

cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.asus.com/content/ASUS-Product-Security-Advisory/	Vendor Advisory
https://www.asus.com/tw/support/callus/	Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4576-422ac-1.html	Third Party Advisory