CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:C/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
58.9%
The specific function in ASUS BMC’s firmware Web management page (Record video file function) does not filter the specific parameter. As obtaining the administrator permission, remote attackers can use the means of path traversal to access system files.
Vendor | Product | Version | CPE |
---|---|---|---|
asus | asmb9-ikvm_firmware | 1.11.12 | cpe:2.3:o:asus:asmb9-ikvm_firmware:1.11.12:*:*:*:*:*:*:* |
asus | asmb9-ikvm | - | cpe:2.3:h:asus:asmb9-ikvm:-:*:*:*:*:*:*:* |
asus | rs720a-e9-rs24-e_firmware | 1.10.3 | cpe:2.3:o:asus:rs720a-e9-rs24-e_firmware:1.10.3:*:*:*:*:*:*:* |
asus | rs720a-e9-rs24-e | - | cpe:2.3:h:asus:rs720a-e9-rs24-e:-:*:*:*:*:*:*:* |
asus | rs700a-e9-rs4_firmware | 1.10.0 | cpe:2.3:o:asus:rs700a-e9-rs4_firmware:1.10.0:*:*:*:*:*:*:* |
asus | rs700a-e9-rs4 | - | cpe:2.3:h:asus:rs700a-e9-rs4:-:*:*:*:*:*:*:* |
asus | rs700-e9-rs4_firmware | 1.09 | cpe:2.3:o:asus:rs700-e9-rs4_firmware:1.09:*:*:*:*:*:*:* |
asus | rs700-e9-rs4 | - | cpe:2.3:h:asus:rs700-e9-rs4:-:*:*:*:*:*:*:* |
asus | esc4000_g4x_firmware | 1.11.6 | cpe:2.3:o:asus:esc4000_g4x_firmware:1.11.6:*:*:*:*:*:*:* |
asus | esc4000_g4x | - | cpe:2.3:h:asus:esc4000_g4x:-:*:*:*:*:*:*:* |
[
{
"product": "BMC firmware for ASMB9-iKVM",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.12"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.3"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.10.0"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.09"
}
]
},
{
"product": "BMC firmware for ESC4000 G4X",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.6"
}
]
},
{
"product": "BMC firmware for RS700-E9-RS12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.11.5"
}
]
},
{
"product": "BMC firmware for RS100-E10-PI2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS300-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.6"
}
]
},
{
"product": "BMC firmware for RS500A-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS500A-E9 RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for E700 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS C422 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for WS X299 PRO/SE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PA-U12/10G-2S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for KNPA-U16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.4"
}
]
},
{
"product": "BMC firmware for ESC4000 DHD G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.13.7"
}
]
},
{
"product": "BMC firmware for ESC4000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS24-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for RS720Q-E9-RS8-S",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.0"
}
]
},
{
"product": "BMC firmware for Z11PA-D8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for Z11PA-D8C",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.1"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS24-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.3"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS8-G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for Pro E800 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.14.2"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS500-E9-RS4-U",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for RS520-E9-RS8",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
},
{
"product": "BMC firmware for ESC8000 G4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for ESC8000 G4/10G",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.4"
}
]
},
{
"product": "BMC firmware for RS720-E9-RS12-E",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for WS C621E SAGE",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS500A-E10-PS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS500A-E10-RS4",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS700A-E9-RS4V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS12V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.2"
}
]
},
{
"product": "BMC firmware for RS720A-E9-RS24V2",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.1"
}
]
},
{
"product": "BMC firmware for Z11PR-D16",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "1.15.3"
}
]
}
]
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:C/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
58.9%