CVE-2021-28208 (GCVE-0-2021-28208)
Vulnerability from cvelistv5 – Published: 2021-04-06 05:02 – Updated: 2024-09-16 22:19
VLAI
Title
ASUS BMC's firmware: path traversal - Get video file function
Summary
The specific function in ASUS BMC’s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Severity
4.9 (Medium)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.asus.com/content/ASUS-Product-Securit… | x_refsource_MISC |
| https://www.asus.com/tw/support/callus/ | x_refsource_MISC |
| https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html | x_refsource_MISC |
Impacted products
44 products
Date Public
2021-04-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:40:12.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
],
"datePublic": "2021-04-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-04-06T05:02:24.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.asus.com/tw/support/callus/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103035",
"discovery": "EXTERNAL"
},
"title": "ASUS BMC\u0027s firmware: path traversal - Get video file function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-04-06T02:48:00.000Z",
"ID": "CVE-2021-28208",
"STATE": "PUBLIC",
"TITLE": "ASUS BMC\u0027s firmware: path traversal - Get video file function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BMC firmware for ASMB9-iKVM",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.11.12"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24-E",
"version": {
"version_data": [
{
"version_value": "1.10.3"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.10.0"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.09"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4X",
"version": {
"version_data": [
{
"version_value": "1.11.6"
}
]
}
},
{
"product_name": "BMC firmware for RS700-E9-RS12",
"version": {
"version_data": [
{
"version_value": "1.11.5"
}
]
}
},
{
"product_name": "BMC firmware for RS100-E10-PI2",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS300-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.13.6"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E9 RS4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for E700 G4",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS C422 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for WS X299 PRO/SE",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-U12/10G-2S",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for KNPA-U16",
"version": {
"version_data": [
{
"version_value": "1.13.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 DHD G4",
"version": {
"version_data": [
{
"version_value": "1.13.7"
}
]
}
},
{
"product_name": "BMC firmware for ESC4000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS24-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for RS720Q-E9-RS8-S",
"version": {
"version_data": [
{
"version_value": "1.15.0"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PA-D8C",
"version": {
"version_data": [
{
"version_value": "1.14.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS24-U",
"version": {
"version_data": [
{
"version_value": "1.14.3"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS8-G",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for Pro E800 G4",
"version": {
"version_data": [
{
"version_value": "1.14.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS500-E9-RS4-U",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for RS520-E9-RS8",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for ESC8000 G4/10G",
"version": {
"version_data": [
{
"version_value": "1.15.4"
}
]
}
},
{
"product_name": "BMC firmware for RS720-E9-RS12-E",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for WS C621E SAGE",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-PS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS500A-E10-RS4",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS700A-E9-RS4V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS12V2",
"version": {
"version_data": [
{
"version_value": "1.15.2"
}
]
}
},
{
"product_name": "BMC firmware for RS720A-E9-RS24V2",
"version": {
"version_data": [
{
"version_value": "1.15.1"
}
]
}
},
{
"product_name": "BMC firmware for Z11PR-D16",
"version": {
"version_data": [
{
"version_value": "1.15.3"
}
]
}
}
]
},
"vendor_name": "ASUS"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.asus.com/content/ASUS-Product-Security-Advisory/",
"refsource": "MISC",
"url": "https://www.asus.com/content/ASUS-Product-Security-Advisory/"
},
{
"name": "https://www.asus.com/tw/support/callus/",
"refsource": "MISC",
"url": "https://www.asus.com/tw/support/callus/"
},
{
"name": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "update BMC\u0027s firmwares to the following versions:\nESC4000 G4X 1.15.6\nRS700-E9-RS12 1.15.4\nRS100-E10-PI2 1.15.3\nRS300-E10-PS4 1.15.3\nRS300-E10-RS4 1.15.3\nRS500A-E9-PS4 1.14.2\nRS500A-E9-RS4 1.14.2\nRS500A-E9 RS4 U 1.14.2\nE700 G4 1.14.2\nWS C422 PRO/SE 1.14.2\nWS X299 PRO/SE 1.14.2\nZ11PA-U12 1.15.2\nKNPA-U16 1.14.5\nESC4000 DHD G4 1.15.2\nESC4000 G4 1.15.6\nRS720Q-E9-RS24-S 1.15.1\nRS720Q-E9-RS8 1.15.1\nRS720Q-E9-RS8-S 1.15.1\nZ11PA-D8 1.15.2\nZ11PA-D8C 1.15.2\nRS720-E9-RS24-U 1.15.5\nRS720-E9-RS8-G 1.15.4\nRS500-E9-PS4 1.15.5\nPro E800 G4 1.15.2\nRS500-E9-RS4 1.15.5\nRS500-E9-RS4-U 1.15.5\nRS520-E9-RS12-E 1.15.4\nRS520-E9-RS8 1.15.4\nESC8000 G4 1.15.5\nESC8000 G4/10G 1.15.5\nRS720-E9-RS12-E 1.15.3\nWS C621E SAGE 1.15.3\nRS500A-E10-PS4 1.15.3\nRS500A-E10-RS4 1.15.3\nRS700A-E9-RS12V2 1.15.3\nRS700A-E9-RS4V2 1.15.3\nRS720A-E9-RS12V2 1.15.3\nRS720A-E9-RS24V2 1.15.3\nZ11PR-D16 1.15.4"
}
],
"source": {
"advisory": "TVN-202103035",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-28208",
"datePublished": "2021-04-06T05:02:25.088Z",
"dateReserved": "2021-03-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:19:36.654Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-28208",
"date": "2026-05-26",
"epss": "0.00299",
"percentile": "0.53331"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-28208\",\"sourceIdentifier\":\"twcert@cert.org.tw\",\"published\":\"2021-04-06T05:15:17.393\",\"lastModified\":\"2024-11-21T05:59:21.967\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The specific function in ASUS BMC\u2019s firmware Web management page (Get video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n specific en la p\u00e1gina de administraci\u00f3n Web del firmware de ASUS BMC (Obtiene la funci\u00f3n de archivo de video) no filtra el par\u00e1metro specific.\u0026#xa0;Como obtener el permiso de administrador, unos atacantes remotos pueden usar los medios de salto de ruta para acceder a unos archivos del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":4.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:C/I:N/A:N\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"twcert@cert.org.tw\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"40A54A0A-77FA-4A52-8B6C-27037BC8B49A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8403F521-6213-455E-B7EE-BA6979DCECE0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DA68530-98FD-422C-AFED-F4A8D51A18FC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4210DAC9-9728-4235-A2A6-4BE1673A3087\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BAD9A2C1-93D2-47BF-A5F1-51E1E4E7AA0D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01DEDE99-AABB-4B29-A7E8-FA88CCB64E08\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1897CBA-FD13-4289-AC42-DE2644BB6607\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC543CA-A2FA-4909-AC8B-2DF4BDC9D89A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B8B5694-E9EF-4C09-8E28-DB7F0DB4880D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF24B07-D05B-48CF-8778-DBA503D824A7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs700-e9-rs12_firmware:1.11.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0C616EB3-7257-4A4B-93D2-77020DAC7D34\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs700-e9-rs12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"377A6E37-7B30-4460-B51F-99FCD572266C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs100-e10-pi2_firmware:1.13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39FA5F21-3500-454A-AF5E-809A0C9E1CD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs100-e10-pi2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12A33A3C-19C5-456C-B25F-18C706611853\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs300-e10-ps4_firmware:1.13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C79FC84-D468-4056-BCB6-789C6DFED310\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs300-e10-ps4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F17455F9-1D00-4510-A79A-6BDDBB6F1B52\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs300-e10-rs4_firmware:1.13.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3B8C7C6-88CB-4A50-A0CE-69B8157774CE\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs300-e10-rs4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1FA81076-C066-4F9A-B6DD-89C0A1E87007\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500a-e9-ps4_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC487249-AEF5-412C-B1E7-F68119C154C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500a-e9-ps4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EE0FF60-E688-46C4-8CEE-569C2273BA77\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500a-e9-rs4_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8D6CF74-1AEE-4616-8098-AF286859CD4C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500a-e9-rs4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FB4E233-E97F-4E9E-89AF-FC27E10419CB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500a-e9_rs4_u_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"315EF6C1-97EF-4939-9DE1-03FC3668DDD9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500a-e9_rs4_u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D53B32DC-D011-44BB-AA62-CCCC1643BD0B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:e700_g4_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC22D5D-87E1-418C-99C8-A25BECC964E5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:e700_g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC848711-32AF-462E-A06F-60BB7E1D33BC\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:ws_c422_pro\\\\/se_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"205C81D2-B6C5-4D1F-9C97-00D4DA28EB2C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:ws_c422_pro\\\\/se:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77921CC6-3F8D-4408-AED2-009CBD39B7E7\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:ws_x299_pro\\\\/se_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C269611C-67CB-403F-BE35-E723AF0ED0F9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:ws_x299_pro\\\\/se:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6AA451F-9FF0-4DA3-9A20-BF675F21F9C0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:z11pa-u12_firmware:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A3B078B-0C22-4254-A37A-1AD4F7CEA3B1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:z11pa-u12:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC25822B-31FE-4CE4-B1CC-4FDD4BADC89F\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:z11pa-u12\\\\/10g-2s_firmware:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"690FF817-248D-4978-BDBD-8039586F7AB9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:z11pa-u12\\\\/10g-2s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA33288B-ECEF-4068-B501-E9ADD2B19F7A\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:knpa-u16_firmware:1.13.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3C9DE71-3B1C-4FF8-9C58-44FC5F0DDD68\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:knpa-u16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26C1BC39-6E9D-4D9C-AA40-B51138DEDDF3\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:esc4000_dhd_g4_firmware:1.13.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E15C09F1-E09B-437E-980E-A13D05A68C70\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:esc4000_dhd_g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF0A76CD-3932-4233-BFD7-661363938859\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:esc4000_g4_firmware:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C55BBB4-DEB0-41F2-A09E-FB64B9F0309E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:esc4000_g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5062001F-935D-4FE5-831D-C5113DA1D2DE\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720q-e9-rs24-s_firmware:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C233178A-7C83-4753-9ED8-325D79111FDD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720q-e9-rs24-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E9BA009-703C-4F9F-91FD-601CE4355C30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720q-e9-rs8_firmware:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C896942-DE33-4134-B2F6-25DF85EC8D4D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720q-e9-rs8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"64831F59-CE1E-4546-8A39-9FA45F8E0563\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720q-e9-rs8-s_firmware:1.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C935BA3-7F5B-4D6E-BF5B-14E028236CB8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720q-e9-rs8-s:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07E73697-10BD-49B1-AC1B-B44FEFFEF631\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:z11pa-d8_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DD5DF3-DD2B-4D0C-8904-404A4E88FA29\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:z11pa-d8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96F0C227-097C-4BE5-BBCA-349914CF7BC8\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:z11pa-d8c_firmware:1.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9D8BF26-2263-4077-A831-11719C7C20C9\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:z11pa-d8c:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"648DAD72-3535-43C1-A44E-EEC9102690B6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720-e9-rs24-u_firmware:1.14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F85E29D2-55B6-4EBB-80F7-1429752C74FB\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720-e9-rs24-u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3FF951D-A07D-465D-BEF8-44359445D66E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720-e9-rs8-g_firmware:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B8F86A9-542D-424D-B539-E841A1CF6657\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720-e9-rs8-g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A1DF9A-944A-4CDB-A784-0F894C5A0C54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500-e9-ps4_firmware:1.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AC2F649-A059-4AED-8463-5E1B3EA312E2\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500-e9-ps4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC616DB9-EA78-466C-8B33-D1ECE36D7861\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:pro_e800_g4_firmware:1.14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A4C4879-DCD7-47C7-98BD-2E1C9C0E0544\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:pro_e800_g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEB6AD8E-7D3D-46A3-8919-339095DE5848\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500-e9-rs4_firmware:1.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A849AB-C3E4-4E77-9A65-4D9F08ACA155\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500-e9-rs4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB6CF829-87F0-4351-8F26-D09277A53FA9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500-e9-rs4-u_firmware:1.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34E98952-7995-4FE6-BFE5-9C11AC99CD6D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500-e9-rs4-u:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ECC375-C875-467B-BF98-57E2AEEE10DB\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs520-e9-rs12-e_firmware:1.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9386AD14-6121-4E68-86D2-C78128BE6C55\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs520-e9-rs12-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27300D49-3E43-469F-9B1A-A9CC9A03853C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs520-e9-rs8_firmware:1.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE1CE4D4-7AC4-42A1-AE82-57A348EF04FA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs520-e9-rs8:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F81AC089-04F7-4199-82CE-28DE60C6FC53\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:esc8000_g4_firmware:1.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"853F7236-2636-4CC5-8F09-A8FEA127EB3C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:esc8000_g4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCFD494-6259-470A-B646-8CDD0CBB4540\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:esc8000_g4\\\\/10g_firmware:1.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E23F2DA0-453A-4F62-9C21-A5A7606D99E5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:esc8000_g4\\\\/10g:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AD933F6-B839-4B26-AA9A-0382FDC8F65C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720-e9-rs12-e_firmware:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EDBC4899-D7AC-4DCC-A324-A41DC1605FD0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720-e9-rs12-e:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C332F85-C27F-4DBA-A681-EBDC07193905\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:ws_c621e_sage_firmware:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"571D5376-2F83-4285-970A-337E30F7D513\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:ws_c621e_sage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C584935A-9088-4EA5-850A-61B5741A6317\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500a-e10-ps4_firmware:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2029BD82-2142-4BAA-9220-D22B1A526A5A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500a-e10-ps4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A7C8A7D-157E-49A2-B9AE-8D7FB4F38A19\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs500a-e10-rs4_firmware:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"05CE886A-53E2-4E7B-831B-847D78E91FDA\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs500a-e10-rs4:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"543BB762-76C9-41FB-A503-B67006E0313B\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs700a-e9-rs12v2_firmware:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D0726ED-4CFC-4D58-93C1-E1250A76AE13\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs700a-e9-rs12v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA41003D-2891-4B7F-B29C-C4863376FD30\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs700a-e9-rs4v2_firmware:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"549BC8D5-BFEC-431B-80CE-EDA1EF73A515\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs700a-e9-rs4v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB631682-03BC-4880-9E22-D65F29E81EE9\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720a-e9-rs12v2_firmware:1.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5814D41F-0C3F-4DDA-91F0-0225C93B1C52\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720a-e9-rs12v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A9D9D22-7280-4D07-9870-9EA042C46E36\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:rs720a-e9-rs24v2_firmware:1.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8884EA18-4106-4841-ACA5-C317D004AA22\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:rs720a-e9-rs24v2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3134870B-1EDD-4299-ADBA-2B3CB3E4A8C6\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:asus:z11pr-d16_firmware:1.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E543339C-03F9-46F3-9B33-AB1BDB827989\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:asus:z11pr-d16:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5866377B-3F1A-4AFF-9BAE-AF495A3BE35E\"}]}]}],\"references\":[{\"url\":\"https://www.asus.com/content/ASUS-Product-Security-Advisory/\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.asus.com/tw/support/callus/\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html\",\"source\":\"twcert@cert.org.tw\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.asus.com/content/ASUS-Product-Security-Advisory/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.asus.com/tw/support/callus/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.twcert.org.tw/tw/cp-132-4578-e5d74-1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…