Lucene search
+L

91 matches found

Vulnrichment
Vulnrichment
added 2022/10/24 12:0 a.m.7 views

CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control

A broken access control vulnerability in the KillDupUsrfunc function of spxrestservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service DoS condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...

5.3CVSS7.5AI score0.00652EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.9 views

PT-2022-9795 · Lanner · Lanner Inc Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control issue in the FirstReset handler func function of spx restservice allows an attacker to send arbitrary reboot commands to the BMC, resulting in a...

7.5CVSS7.6AI score0.00652EPSS
Exploits0References3
CVE
CVE
added 2022/10/24 12:0 a.m.57 views

CVE-2021-44776

CVE-2021-44776 describes a broken access control in the SubNet_handler_func of spx_restservice, affecting Lanner Inc IAC-AST2500A standard firmware version 1.10.0. The vulnerability enables an attacker to arbitrarily change security access rights to KVM and Virtual Media functions. Sources consis...

6.5CVSS5.4AI score0.00443EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.5 views

Lanner IAC-AST2500A 输入验证错误漏洞

The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. An input validation error vulnerability exists in the Lanner IAC-AST2500A standard firmware...

6.5CVSS6.6AI score0.00418EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.6 views

Lanner IAC-AST2500A 安全漏洞

The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...

6.5CVSS5.9AI score0.00443EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/10/24 12:0 a.m.7 views

CVE-2021-45925 Username Enumeration

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.3CVSS5.2AI score0.00505EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.8 views

PT-2022-12629 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A version 1.10.0 Description: Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. Recommendations: For Lanner Inc IAC-AST2500A versio...

8.8CVSS8.7AI score0.00399EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.5 views

PT-2022-12228 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition. This condition can only...

6.5CVSS6.3AI score0.00418EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2022/10/24 12:0 a.m.6 views

CVE-2021-26727 spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows

Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...

10CVSS9.9AI score0.02285EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/24 12:0 a.m.23 views

CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control

A broken access control vulnerability in the KillDupUsrfunc function of spxrestservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service DoS condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...

5.3CVSS7.6AI score0.00652EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/24 12:0 a.m.32 views

CVE-2021-45925 Username Enumeration

Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.3CVSS5.5AI score0.00505EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/24 12:0 a.m.28 views

CVE-2021-46279 Session Fixation and Insufficient Session Expiration

Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

5.8CVSS8.9AI score0.00399EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/24 12:0 a.m.22 views

CVE-2021-44769 TLS Certificate Generation Function Improper Input Validation

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

4.9CVSS6.5AI score0.00418EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/24 12:0 a.m.29 views

CVE-2021-44776 spx_restservice SubNet_handler_func Broken Access Control

A broken access control vulnerability in the SubNethandlerfunc function of spxrestservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

6.5CVSS6.7AI score0.00443EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.6 views

Lanner IAC-AST2500A 安全漏洞

The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...

7.5CVSS7.4AI score0.00652EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/24 12:0 a.m.5 views

Lanner IAC-AST2500A 缓冲区错误漏洞

The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A buffer error vulnerability exists in the Lanner IAC-AST2500A standard firmware version...

10CVSS9.4AI score0.02285EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/10/24 12:0 a.m.5 views

PT-2022-12125 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control vulnerability in the KillDupUsr func function of spx restservice allows an attacker to arbitrarily terminate active sessions of other users, causing...

7.5CVSS6.6AI score0.00652EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2022/10/24 12:0 a.m.7 views

CVE-2021-44769 TLS Certificate Generation Function Improper Input Validation

An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

4.9CVSS6.3AI score0.00418EPSS
Exploits0References2
CVE
CVE
added 2022/10/24 12:0 a.m.54 views

CVE-2021-45925

CVE-2021-45925 affects Lanner Inc IAC-AST2500A standard firmware v1.10.0. Multiple connected sources confirm a vulnerability in the login process that allows observable discrepancies enabling an attacker to enumerate/guess legitimate BMC usernames. The root cause is described as a login process d...

5.3CVSS5.2AI score0.00505EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/10/24 12:0 a.m.7 views

CVE-2021-4228 Hard-coded TLS Certificate

Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle MitM attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...

5.8CVSS7AI score0.09946EPSS
Exploits0References2
Rows per page
Query Builder