ASUS BMC's firmware: path traversal - Get Help file function
CVE-2021-28207

4.9MEDIUM

Key Information:

Vendor
Asus
Status
Bmc Firmware For Asmb9-ikvm
Bmc Firmware For Rs720a-e9-rs24-e
Bmc Firmware For Rs700a-e9-rs4
Bmc Firmware For Rs700-e9-rs4
Vendor
CVE Published:
6 April 2021

Summary

The specific function in ASUS BMC’s firmware Web management page (Get Help file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

Affected Version(s)

BMC firmware for ASMB9-iKVM 1.11.12

BMC firmware for E700 G4 1.14.1

BMC firmware for ESC4000 DHD G4 1.13.7

References

https://www.asus.com/content/ASUS-Product-Security-Advisory/
x_refsource_MISC
https://www.asus.com/tw/support/callus/
x_refsource_MISC
https://www.twcert.org.tw/tw/cp-132-4577-60153-1.html
x_refsource_MISC

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.