CVE-2023-26602

Name of the Vulnerable Software and Affected Versions ASUS ASMB8 iKVM firmware versions 1.14.51 and earlier

Description The issue allows remote attackers to execute arbitrary code by using SNMP to create extensions. This can be demonstrated by using snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution. The vulnerability is related to the implementation of the SNMPv2 protocol and the lack of measures to neutralize special elements, which can allow a remote attacker to execute arbitrary commands.

Recommendations For versions 1.14.51 and earlier, consider disabling SNMP until a patch is available to prevent exploitation. Restrict access to the NET-SNMP-EXTEND-MIB module to minimize the risk of exploitation. Avoid using the snmpset command with /bin/sh for command execution until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.