Vulnerability Details CVE-2021-28209
The specific function in ASUS BMC’s firmware Web management page (Delete video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 6.8
References
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html
- https://www.asus.com/content/ASUS-Product-Security-Advisory/
- https://www.asus.com/tw/support/callus/
- https://www.twcert.org.tw/tw/cp-132-4579-c8827-1.html
Products affected by CVE-2021-28209
-
cpe:2.3:h:asus:asmb9-ikvm:-
-
cpe:2.3:h:asus:e700_g4:-
-
cpe:2.3:h:asus:esc4000_dhd_g4:-
-
cpe:2.3:h:asus:esc4000_g4:-
-
cpe:2.3:h:asus:esc4000_g4x:-
-
cpe:2.3:h:asus:esc8000_g4/10g:-
-
cpe:2.3:h:asus:esc8000_g4:-
-
cpe:2.3:h:asus:knpa-u16:-
-
cpe:2.3:h:asus:pro_e800_g4:-
-
cpe:2.3:h:asus:rs100-e10-pi2:-
-
cpe:2.3:h:asus:rs300-e10-ps4:-
-
cpe:2.3:h:asus:rs300-e10-rs4:-
-
cpe:2.3:h:asus:rs500-e9-ps4:-
-
cpe:2.3:h:asus:rs500-e9-rs4-u:-
-
cpe:2.3:h:asus:rs500-e9-rs4:-
-
cpe:2.3:h:asus:rs500a-e10-ps4:-
-
cpe:2.3:h:asus:rs500a-e10-rs4:-
-
cpe:2.3:h:asus:rs500a-e9-ps4:-
-
cpe:2.3:h:asus:rs500a-e9-rs4:-
-
cpe:2.3:h:asus:rs500a-e9_rs4_u:-
-
cpe:2.3:h:asus:rs520-e9-rs12-e:-
-
cpe:2.3:h:asus:rs520-e9-rs8:-
-
cpe:2.3:h:asus:rs700-e9-rs12:-
-
cpe:2.3:h:asus:rs700-e9-rs4:-
-
cpe:2.3:h:asus:rs700a-e9-rs12v2:-
-
cpe:2.3:h:asus:rs700a-e9-rs4:-
-
cpe:2.3:h:asus:rs700a-e9-rs4v2:-
-
cpe:2.3:h:asus:rs720-e9-rs12-e:-
-
cpe:2.3:h:asus:rs720-e9-rs24-u:-
-
cpe:2.3:h:asus:rs720-e9-rs8-g:-
-
cpe:2.3:h:asus:rs720a-e9-rs12v2:-
-
cpe:2.3:h:asus:rs720a-e9-rs24-e:-
-
cpe:2.3:h:asus:rs720a-e9-rs24v2:-
-
cpe:2.3:h:asus:rs720q-e9-rs24-s:-
-
cpe:2.3:h:asus:rs720q-e9-rs8-s:-
-
cpe:2.3:h:asus:rs720q-e9-rs8:-
-
cpe:2.3:h:asus:ws_c422_pro/se:-
-
cpe:2.3:h:asus:ws_c621e_sage:-
-
cpe:2.3:h:asus:ws_x299_pro/se:-
-
cpe:2.3:h:asus:z11pa-d8:-
-
cpe:2.3:h:asus:z11pa-d8c:-
-
cpe:2.3:h:asus:z11pa-u12/10g-2s:-
-
cpe:2.3:h:asus:z11pa-u12:-
-
cpe:2.3:h:asus:z11pr-d16:-
-
cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12
-
cpe:2.3:o:asus:e700_g4_firmware:1.14.1
-
cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7
-
cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2
-
cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6
-
cpe:2.3:o:asus:esc8000_g4/10g_firmware:1.15.4
-
cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4
-
cpe:2.3:o:asus:knpa-u16_firmware:1.13.4
-
cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2
-
cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6
-
cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6
-
cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6
-
cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4
-
cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4
-
cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4
-
cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2
-
cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2
-
cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1
-
cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1
-
cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1
-
cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3
-
cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3
-
cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5
-
cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09
-
cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0
-
cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2
-
cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3
-
cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2
-
cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2
-
cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3
-
cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1
-
cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0
-
cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0
-
cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0
-
cpe:2.3:o:asus:ws_c422_pro/se_firmware:1.14.1
-
cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1
-
cpe:2.3:o:asus:ws_x299_pro/se_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1
-
cpe:2.3:o:asus:z11pa-u12/10g-2s_firmware:1.15.1
-
cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1
-
cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3