13 matches found
CVE-2022-22309
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
Design/Logic Flaw
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
CVE-2022-22309
Summary: CVE-2022-22309 affects IBM POWER systems, where the firmware service processor (FSP) is vulnerable to unauthenticated logins via the physical serial port/TTY interface. Root cause/impact: Unauthenticated access could allow login through the serial interface, with CVSS v3.1/3.0 vectors in...
CVE-2022-22309
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095...
Digi RealPort Licensing Issue Vulnerability
Digi RealPort is a proprietary Serial-over-LAN encapsulation protocol. It provides virtual connectivity to serial devices anywhere on the network by encapsulating ICS protocol data in a TCP-based protocol. Authentication is not performed. No details of the vulnerability are currently available...
The vulnerability in the implementation of the Extensible Authentication Protocol over LAN (EAPOL) on the NetBSD operating system allows a perpetrator to induce a service failure.
The vulnerability of the Extensible Authentication Protocol over LAN EAPOL implementation in the NetBSD operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service failures...
Multiple NEC Products vulnerable to authentication bypass
Overview In Intelligent Platform Management Interface IPMI v1.5, Remote Management Control Protocol RMCP to access BMC through LAN is prescribed. Multiple NEC products which conduct RMCP access using IPMI over LAN contain an issue in implementations of the BMC firmware and when accessing BMC...
wpa_supplicant: Unauthenticated EAPOL-Key decryption in wpa_supplicant
An issue was discovered in rsnsupp/wpa.c in wpasupplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive...
Platinum APT First to Abuse Intel Chip Management Feature
Advanced attackers operating in Southeast Asia are abusing a feature in Intel chips to quietly load malware and exploits onto compromised machines. Microsoft on Thursday published its latest research into a group it calls Platinum, which is keen on using previously untapped resources to stealthil...
Oracle: Security Advisory (ELSA-2008-0885)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability (CSCte90338)
A vulnerability in the Cisco Unified Computing System Serial over LAN SoL implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle MITM attack. The vulnerability occurs because the Board Management Controller BMC uses a hard-coded private key. An attacker coul...
Cisco Unified Computing System Serial over LAN Static Private Key Vulnerability
A vulnerability in the Cisco Unified Computing System Serial over LAN SoL implementation could allow an unauthenticated, remote attacker to perform a man-in-the-middle MITM attack. The vulnerability occurs because the Board Management Controller BMC uses a hard-coded private key. An attacker coul...
CentOS 5 : kernel (CESA-2008:0885)
Updated kernel packages that fix various security issues and several bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The kernel packages contain the Linux kernel, the core of any Linux...