CVE-2021-28209

ASUS BMC's firmware: path traversal - Delete video file function

Description

A specific function in the ASUS BMC firmware's Web management page (the Delete video file function) does not filter one of its parameters. Having obtained administrator permission, remote attackers can use path traversal to access system files.

Remediation

Solution:

  • update the BMC firmware to the following versions (model, fixed version):
    ESC4000 G4X 1.15.6
    RS700-E9-RS12 1.15.4
    RS100-E10-PI2 1.15.3
    RS300-E10-PS4 1.15.3
    RS300-E10-RS4 1.15.3
    RS500A-E9-PS4 1.14.2
    RS500A-E9-RS4 1.14.2
    RS500A-E9 RS4 U 1.14.2
    E700 G4 1.14.2
    WS C422 PRO/SE 1.14.2
    WS X299 PRO/SE 1.14.2
    Z11PA-U12 1.15.2
    KNPA-U16 1.14.5
    ESC4000 DHD G4 1.15.2
    ESC4000 G4 1.15.6
    RS720Q-E9-RS24-S 1.15.1
    RS720Q-E9-RS8 1.15.1
    RS720Q-E9-RS8-S 1.15.1
    Z11PA-D8 1.15.2
    Z11PA-D8C 1.15.2
    RS720-E9-RS24-U 1.15.5
    RS720-E9-RS8-G 1.15.4
    RS500-E9-PS4 1.15.5
    Pro E800 G4 1.15.2
    RS500-E9-RS4 1.15.5
    RS500-E9-RS4-U 1.15.5
    RS520-E9-RS12-E 1.15.4
    RS520-E9-RS8 1.15.4
    ESC8000 G4 1.15.5
    ESC8000 G4/10G 1.15.5
    RS720-E9-RS12-E 1.15.3
    WS C621E SAGE 1.15.3
    RS500A-E10-PS4 1.15.3
    RS500A-E10-RS4 1.15.3
    RS700A-E9-RS12V2 1.15.3
    RS700A-E9-RS4V2 1.15.3
    RS720A-E9-RS12V2 1.15.3
    RS720A-E9-RS24V2 1.15.3
    Z11PR-D16 1.15.4

CVSS

Score: 4.9
Severity: Medium
EPSS: 0.50%
Vendor Advisory: asus.com
Affected: ASUS BMC firmware for ASMB9-iKVM
Affected: ASUS BMC firmware for RS720A-E9-RS24-E
Affected: ASUS BMC firmware for RS700A-E9-RS4
Affected: ASUS BMC firmware for RS700-E9-RS4
Affected: ASUS BMC firmware for ESC4000 G4X
Affected: ASUS BMC firmware for RS700-E9-RS12
Affected: ASUS BMC firmware for RS100-E10-PI2
Affected: ASUS BMC firmware for RS300-E10-PS4
Affected: ASUS BMC firmware for RS300-E10-RS4
Affected: ASUS BMC firmware for RS500A-E9-PS4
Affected: ASUS BMC firmware for RS500A-E9-RS4
Affected: ASUS BMC firmware for RS500A-E9 RS4
Affected: ASUS BMC firmware for E700 G4
Affected: ASUS BMC firmware for WS C422 PRO/SE
Affected: ASUS BMC firmware for WS X299 PRO/SE
Affected: ASUS BMC firmware for Z11PA-U12
Affected: ASUS BMC firmware for Z11PA-U12/10G-2S
Affected: ASUS BMC firmware for KNPA-U16
Affected: ASUS BMC firmware for ESC4000 DHD G4
Affected: ASUS BMC firmware for ESC4000 G4
Affected: ASUS BMC firmware for RS720Q-E9-RS24-S
Affected: ASUS BMC firmware for RS720Q-E9-RS8
Affected: ASUS BMC firmware for RS720Q-E9-RS8-S
Affected: ASUS BMC firmware for Z11PA-D8
Affected: ASUS BMC firmware for Z11PA-D8C
Affected: ASUS BMC firmware for RS720-E9-RS24-U
Affected: ASUS BMC firmware for RS720-E9-RS8-G
Affected: ASUS BMC firmware for RS500-E9-PS4
Affected: ASUS BMC firmware for Pro E800 G4
Affected: ASUS BMC firmware for RS500-E9-RS4
Affected: ASUS BMC firmware for RS500-E9-RS4-U
Affected: ASUS BMC firmware for RS520-E9-RS12-E
Affected: ASUS BMC firmware for RS520-E9-RS8
Affected: ASUS BMC firmware for ESC8000 G4
Affected: ASUS BMC firmware for ESC8000 G4/10G
Affected: ASUS BMC firmware for RS720-E9-RS12-E
Affected: ASUS BMC firmware for WS C621E SAGE
Affected: ASUS BMC firmware for RS500A-E10-PS4
Affected: ASUS BMC firmware for RS500A-E10-RS4
Affected: ASUS BMC firmware for RS700A-E9-RS12V2
Affected: ASUS BMC firmware for RS700A-E9-RS4V2
Affected: ASUS BMC firmware for RS720A-E9-RS12V2
Affected: ASUS BMC firmware for RS720A-E9-RS24V2
Affected: ASUS BMC firmware for Z11PR-D16

Frequently Asked Questions

What is the severity of CVE-2021-28209?
CVE-2021-28209 has been scored as a medium severity vulnerability.
How to fix CVE-2021-28209?
To fix CVE-2021-28209, update the BMC firmware to the fixed version for your model listed under Remediation above.
Is CVE-2021-28209 being actively exploited in the wild?
As of now, there is no information confirming that CVE-2021-28209 is being actively exploited. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-28209?
CVE-2021-28209 affects the ASUS BMC firmware for each of the models in the Affected list above.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.