Products

Solutions

Company

Book A Live Demo

CVE-2021-28208 : Security Advisory and Response

Learn about CVE-2021-28208, a medium-severity vulnerability in ASUS BMC firmware allowing path traversal attacks. Understand the impact, affected systems, and mitigation steps for ASUS products.

This article provides details about the CVE-2021-28208 vulnerability in ASUS BMC firmware, outlining its impact, technical details, and mitigation steps.

Understanding CVE-2021-28208

CVE-2021-28208 is a vulnerability in ASUS BMC firmware that allows remote attackers to access system files by exploiting a specific function in the firmware's Web management page.

What is CVE-2021-28208?

The vulnerability arises from the lack of parameter filtering in ASUS BMC firmware, enabling remote attackers to leverage path traversal techniques to obtain administrator permissions and access sensitive system files.

The Impact of CVE-2021-28208

With a CVSS base score of 4.9, the vulnerability poses a medium-severity risk, particularly affecting confidentiality by enabling unauthorized access to system files.

Technical Details of CVE-2021-28208

The vulnerability is categorized as CWE-22 - Improper Limitation of a Pathname, allowing for a 'Path Traversal' attack vector.

Vulnerability Description

The specific function in ASUS BMC's firmware Web management page (Get video file function) lacks parameter filtering, allowing remote attackers to conduct path traversal attacks.

Affected Systems and Versions

Multiple ASUS BMC firmware versions are affected, including versions 1.09 to 1.15.6 across various ASUS products.

Exploitation Mechanism

Remote attackers with high privileges can exploit the vulnerability through path traversal, circumventing access restrictions to reach critical system files.

Mitigation and Prevention

To address CVE-2021-28208, it is crucial to update the affected ASUS BMC firmware versions to ensure system security.

Immediate Steps to Take

Update ASUS BMC's firmwares to the specified versions provided by ASUS in their security advisory.

Long-Term Security Practices

Regularly monitor ASUS security advisories for firmware updates and implement robust access control mechanisms to mitigate similar vulnerabilities.

Patching and Updates

Refer to ASUS' Product Security Advisory for detailed instructions on updating BMC firmware versions to patch the vulnerability.

CVE-2021-28208 : Security Advisory and Response

Understanding CVE-2021-28208

What is CVE-2021-28208?

The Impact of CVE-2021-28208

Technical Details of CVE-2021-28208

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities?
Find Out Now

CVE-2021-28208 : Security Advisory and Response

.css-lczsrn{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:24px;font-weight:700;margin-top:1rem;font-family:sans-serif;}Understanding CVE-2021-28208

.css-ru2q5j{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:1.2rem;font-weight:700;margin-top:1rem;margin-bottom:0rem;font-family:sans-serif;}What is CVE-2021-28208?

The Impact of CVE-2021-28208

Technical Details of CVE-2021-28208

Vulnerability Description

Affected Systems and Versions

Exploitation Mechanism

Mitigation and Prevention

Immediate Steps to Take

Long-Term Security Practices

Patching and Updates

Popular CVEs

CVE Id

Published Date

Is your System Free of Underlying Vulnerabilities? Find Out Now

Understanding CVE-2021-28208

What is CVE-2021-28208?

Is your System Free of Underlying Vulnerabilities?
Find Out Now