PT-2022-12125 · Lanner · Iac-Ast2500A

Andrea Palanca · Published 2022-10-24 · Updated 2024-09-30 · CVE-2021-44467

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A standard firmware version 1.10.0

Description: A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed.

Recommendations: For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, as a temporary workaround, consider disabling the KillDupUsr_func function until a patch is available. Restrict access to spx_restservice to minimize the risk of exploitation. Avoid using the vulnerable input parameter in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Improper Access Control

Related Identifiers: CVE-2021-44467

Affected Products: Iac-Ast2500A