Lucene search

[email protected]NVD:CVE-2021-28208

HistoryApr 06, 2021 - 5:15 a.m.

CVE-2021-28208

2021-04-0605:15:17

CWE-22

[email protected]

web.nvd.nist.gov

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Affected configurations

NVD

Node

asusasmb9-ikvm_firmwareMatch1.11.12

AND

asusasmb9-ikvmMatch-

Node

asusrs720a-e9-rs24-e_firmwareMatch1.10.3

AND

asusrs720a-e9-rs24-eMatch-

Node

asusrs700a-e9-rs4_firmwareMatch1.10.0

AND

asusrs700a-e9-rs4Match-

Node

asusrs700-e9-rs4_firmwareMatch1.09

AND

asusrs700-e9-rs4Match-

Node

asusesc4000_g4x_firmwareMatch1.11.6

AND

asusesc4000_g4xMatch-

Node

asusrs700-e9-rs12_firmwareMatch1.11.5

AND

asusrs700-e9-rs12Match-

Node

asusrs100-e10-pi2_firmwareMatch1.13.6

AND

asusrs100-e10-pi2Match-

Node

asusrs300-e10-ps4_firmwareMatch1.13.6

AND

asusrs300-e10-ps4Match-

Node

asusrs300-e10-rs4_firmwareMatch1.13.6

AND

asusrs300-e10-rs4Match-

Node

asusrs500a-e9-ps4_firmwareMatch1.14.1

AND

asusrs500a-e9-ps4Match-

Node

asusrs500a-e9-rs4_firmwareMatch1.14.1

AND

asusrs500a-e9-rs4Match-

Node

asusrs500a-e9_rs4_u_firmwareMatch1.14.1

AND

asusrs500a-e9_rs4_uMatch-

Node

asuse700_g4_firmwareMatch1.14.1

AND

asuse700_g4Match-

Node

asusws_c422_pro\/se_firmwareMatch1.14.1

AND

asusws_c422_pro\/seMatch-

Node

asusws_x299_pro\/se_firmwareMatch1.14.1

AND

asusws_x299_pro\/seMatch-

Node

asusz11pa-u12_firmwareMatch1.15.1

AND

asusz11pa-u12Match-

Node

asusz11pa-u12\/10g-2s_firmwareMatch1.15.1

AND

asusz11pa-u12\/10g-2sMatch-

Node

asusknpa-u16_firmwareMatch1.13.4

AND

asusknpa-u16Match-

Node

asusesc4000_dhd_g4_firmwareMatch1.13.7

AND

asusesc4000_dhd_g4Match-

Node

asusesc4000_g4_firmwareMatch1.15.2

AND

asusesc4000_g4Match-

Node

asusrs720q-e9-rs24-s_firmwareMatch1.15.0

AND

asusrs720q-e9-rs24-sMatch-

Node

asusrs720q-e9-rs8_firmwareMatch1.15.0

AND

asusrs720q-e9-rs8Match-

Node

asusrs720q-e9-rs8-s_firmwareMatch1.15.0

AND

asusrs720q-e9-rs8-sMatch-

Node

asusz11pa-d8_firmwareMatch1.14.1

AND

asusz11pa-d8Match-

Node

asusz11pa-d8c_firmwareMatch1.14.1

AND

asusz11pa-d8cMatch-

Node

asusrs720-e9-rs24-uMatch-

AND

asusrs720-e9-rs24-u_firmwareMatch1.14.3

Node

asusrs720-e9-rs8-gMatch-

AND

asusrs720-e9-rs8-g_firmwareMatch1.15.2

Node

asusrs500-e9-ps4Match-

AND

asusrs500-e9-ps4_firmwareMatch1.15.4

Node

asuspro_e800_g4Match-

AND

asuspro_e800_g4_firmwareMatch1.14.2

Node

asusrs500-e9-rs4Match-

AND

asusrs500-e9-rs4_firmwareMatch1.15.4

Node

asusrs500-e9-rs4-uMatch-

AND

asusrs500-e9-rs4-u_firmwareMatch1.15.4

Node

asusrs520-e9-rs12-eMatch-

AND

asusrs520-e9-rs12-e_firmwareMatch1.15.3

Node

asusrs520-e9-rs8Match-

AND

asusrs520-e9-rs8_firmwareMatch1.15.3

Node

asusesc8000_g4_firmwareMatch1.15.4

AND

asusesc8000_g4Match-

Node

asusesc8000_g4\/10g_firmwareMatch1.15.4

AND

asusesc8000_g4\/10gMatch-

Node

asusrs720-e9-rs12-e_firmwareMatch1.15.2

AND

asusrs720-e9-rs12-eMatch-

Node

asusws_c621e_sage_firmwareMatch1.15.1

AND

asusws_c621e_sageMatch-

Node

asusrs500a-e10-ps4_firmwareMatch1.15.2

AND

asusrs500a-e10-ps4Match-

Node

asusrs500a-e10-rs4_firmwareMatch1.15.2

AND

asusrs500a-e10-rs4Match-

Node

asusrs700a-e9-rs12v2_firmwareMatch1.15.1

AND

asusrs700a-e9-rs12v2Match-

Node

asusrs700a-e9-rs4v2_firmwareMatch1.15.1

AND

asusrs700a-e9-rs4v2Match-

Node

asusrs720a-e9-rs12v2_firmwareMatch1.15.2

AND

asusrs720a-e9-rs12v2Match-

Node

asusrs720a-e9-rs24v2_firmwareMatch1.15.1

AND

asusrs720a-e9-rs24v2Match-

Node

asusz11pr-d16_firmwareMatch1.15.3

AND

asusz11pr-d16Match-

References

www.asus.com/content/ASUS-Product-Security-Advisory/

www.asus.com/tw/support/callus/

www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:C/I:N/A:N

4.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for NVD:CVE-2021-28208

prion1 cve1 cvelist1