Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-44776— spx_restservice SubNet_handler_func Broken Access Control

CVSS 6.5 · Medium EPSS 0.12% · P31
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-44776

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
spx_restservice SubNet_handler_func Broken Access Control
Source: NVD (National Vulnerability Database)
Vulnerability Description
A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Lanner IAC-AST2500A 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lanner IAC-AST2500A是中国立端(Lanner)公司的一个模块和加速卡。适合 Lanner 网络设备,以支持基于 IPMI 标准的系统运行状况远程管理和监控。 Lanner IAC-AST2500A standard firmware 1.00.0版本存在安全漏洞,该漏洞源于其spx_restservice的SubNet_handler_func函数中不正确的访问控制允许攻击者任意更改KVM和虚拟媒体功能的安全访问权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Lanner IncIAC-AST2500A 1.10.0 -

II. Public POCs for CVE-2021-44776

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2021-44776

登录查看更多情报信息。

Same Patch Batch · Lanner Inc · 2022-10-24 · 13 CVEs total

CVE-2021-2672710.0 CRITICALspx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Ove
CVE-2021-2672810.0 CRITICALspx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow
CVE-2021-2672910.0 CRITICALspx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overf
CVE-2021-2673010.0 CRITICALspx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow
CVE-2021-267319.1 CRITICALspx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflo
CVE-2021-267326.5 MEDIUMspx_restservice First_network_func Broken Access Control
CVE-2021-42285.8 MEDIUMHard-coded TLS Certificate
CVE-2021-462795.8 MEDIUMSession Fixation and Insufficient Session Expiration
CVE-2021-267335.3 MEDIUMspx_restservice FirstReset_handler_func Broken Access Control
CVE-2021-444675.3 MEDIUMspx_restservice KillDupUsr_func Broken Access Control
CVE-2021-459255.3 MEDIUMUsername Enumeration
CVE-2021-447694.9 MEDIUMTLS Certificate Generation Function Improper Input Validation

IV. Related Vulnerabilities

Same product: IAC-AST2500A
Same vendor: Lanner Inc
Same weakness: CWE-284

V. Comments for CVE-2021-44776

No comments yet

Leave a comment