CVE-2021-28205

The specific function in ASUS BMC’s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.

CVSS v3 4.9 MEDIUM
CVSS v2.0 6.8 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:C/I:N/A:N

Exploitability : 8.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.asus.com/content/ASUS-Product-Security-Advisory/	Vendor Advisory
https://www.asus.com/tw/support/callus/	Vendor Advisory
https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html	Third Party Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*

cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*

cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*

cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-04-06 05:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-28205

Mitre link : CVE-2021-28205

CVE.ORG link : CVE-2021-28205

JSON object : View

Products Affected

asus

z10pe-d16_ws
z10pr-d16
z10pe-d16_ws_firmware
asmb8-ikvm
asmb8-ikvm_firmware
z10pr-d16_firmware

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2021-28205", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-04-06T05:15:17.143", "references": [{"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/", "tags": ["Vendor Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.asus.com/tw/support/callus/", "tags": ["Vendor Advisory"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-4575-2e32d-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The specific function in ASUS BMC\u2019s firmware Web management page (Delete SOL video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."}, {"lang": "es", "value": "La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Borra la funci\u00f3n de archivo de video SOL) no filtra el par\u00e1metro specific. Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema"}], "lastModified": "2021-04-14T12:48:37.140", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:z10pr-d16_firmware:1.14.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D0E80-BD62-46A7-B1CD-6C7045FF7F79"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:z10pr-d16:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A340A0CE-8BD2-420A-814B-5585C08A4CCB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:asmb8-ikvm_firmware:1.14.51:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D98B9CE-6675-48A4-98A3-6E5DA19A2480"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:asmb8-ikvm:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1A2F069D-18EE-49A3-A8EB-3C745425BFFE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:asus:z10pe-d16_ws_firmware:1.14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B5DB0A7-B863-4AFF-BEB6-6958F921C016"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:z10pe-d16_ws:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "51F61A82-6BBE-4758-9789-7CE6FCB9E20D"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "twcert@cert.org.tw"}