91 matches found
CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control
A broken access control vulnerability in the KillDupUsrfunc function of spxrestservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service DoS condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...
PT-2022-9795 · Lanner · Lanner Inc Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control issue in the FirstReset handler func function of spx restservice allows an attacker to send arbitrary reboot commands to the BMC, resulting in a...
CVE-2021-44776
CVE-2021-44776 describes a broken access control in the SubNet_handler_func of spx_restservice, affecting Lanner Inc IAC-AST2500A standard firmware version 1.10.0. The vulnerability enables an attacker to arbitrarily change security access rights to KVM and Virtual Media functions. Sources consis...
Lanner IAC-AST2500A 输入验证错误漏洞
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. An input validation error vulnerability exists in the Lanner IAC-AST2500A standard firmware...
Lanner IAC-AST2500A 安全漏洞
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...
CVE-2021-45925 Username Enumeration
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
PT-2022-12629 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A version 1.10.0 Description: Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. Recommendations: For Lanner Inc IAC-AST2500A versio...
PT-2022-12228 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition. This condition can only...
CVE-2021-26727 spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNethandlerfunc function of spxrestservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10...
CVE-2021-44467 spx_restservice KillDupUsr_func Broken Access Control
A broken access control vulnerability in the KillDupUsrfunc function of spxrestservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service DoS condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A...
CVE-2021-45925 Username Enumeration
Observable discrepancies in the login process allow an attacker to guess legitimate user names registered in the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-46279 Session Fixation and Insufficient Session Expiration
Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-44769 TLS Certificate Generation Function Improper Input Validation
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-44776 spx_restservice SubNet_handler_func Broken Access Control
A broken access control vulnerability in the SubNethandlerfunc function of spxrestservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
Lanner IAC-AST2500A 安全漏洞
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A security vulnerability exists in the Lanner IAC-AST2500A standard firmware version 1.00.0,...
Lanner IAC-AST2500A 缓冲区错误漏洞
The Lanner IAC-AST2500A is a module and accelerator card from Lanner. It is suitable for Lanner network devices to support remote management and monitoring of system operation based on the IPMI standard. A buffer error vulnerability exists in the Lanner IAC-AST2500A standard firmware version...
PT-2022-12125 · Lanner · Iac-Ast2500A
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0 Description: A broken access control vulnerability in the KillDupUsr func function of spx restservice allows an attacker to arbitrarily terminate active sessions of other users, causing...
CVE-2021-44769 TLS Certificate Generation Function Improper Input Validation
An improper input validation vulnerability in the TLS certificate generation function allows an attacker to cause a Denial-of-Service DoS condition which can only be reverted via a factory reset. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...
CVE-2021-45925
CVE-2021-45925 affects Lanner Inc IAC-AST2500A standard firmware v1.10.0. Multiple connected sources confirm a vulnerability in the login process that allows observable discrepancies enabling an attacker to enumerate/guess legitimate BMC usernames. The root cause is described as a login process d...
CVE-2021-4228 Hard-coded TLS Certificate
Use of hard-coded TLS certificate by default allows an attacker to perform Man-in-the-Middle MitM attacks even in the presence of the HTTPS connection. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.00.0...