Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-44467
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
spx_restservice KillDupUsr_func Broken Access Control
Source: NVD (National Vulnerability Database)
Vulnerability Description
A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
访问控制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Lanner IAC-AST2500A 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Lanner IAC-AST2500A是中国立端(Lanner)公司的一个模块和加速卡。适合 Lanner 网络设备,以支持基于 IPMI 标准的系统运行状况远程管理和监控。 Lanner IAC-AST2500A standard firmware 1.00.0版本存在安全漏洞,该漏洞源于其spx_restservice的KillDupUsr_func函数中不正确的访问控制允许攻击者任意终止其他用户的活动会话,导致拒绝服务。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Lanner IncIAC-AST2500A 1.10.0 -
II. Public POCs for CVE-2021-44467
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-44467
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: IAC-AST2500A
Same vendor: Lanner Inc
Same weakness: CWE-284
V. Comments for CVE-2021-44467

No comments yet

Leave a comment