PT-2022-12229 · Lanner · Lanner Inc Iac-Ast2500A
Andrea Palanca
·
Published
2022-10-24
·
Updated
2023-02-03
·
CVE-2021-44776
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Lanner Inc IAC-AST2500A standard firmware version 1.10.0
Description
A broken access control issue in the
SubNet handler func function of spx restservice allows an attacker to change security access rights to KVM and Virtual Media functionalities.Recommendations
For Lanner Inc IAC-AST2500A standard firmware version 1.10.0, consider restricting access to the
SubNet handler func function in spx restservice until a patch is available.Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Lanner Inc Iac-Ast2500A