CVE-2021-26733 - OpenCVE

A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lannerinc	Iac-ast2500a Iac-ast2500a Firmware

Configuration 1 [-]

AND

cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*

cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/
https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Nozomi

Published: 2022-10-24T00:00:00

Updated: 2024-08-03T20:33:40.704Z

Reserved: 2021-02-05T00:00:00

Link: CVE-2021-26733

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-10-24T14:15:48.423

Modified: 2023-02-03T14:47:07.270

Link: CVE-2021-26733

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2021-26733", "assignerOrgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "assignerShortName": "Nozomi", "dateUpdated": "2024-08-03T20:33:40.704Z", "dateReserved": "2021-02-05T00:00:00", "datePublished": "2022-10-24T00:00:00"}, "containers": {"cna": {"title": "spx_restservice FirstReset_handler_func Broken Access Control", "providerMetadata": {"orgId": "bec8025f-a851-46e5-b3a3-058e6b0aa23c", "shortName": "Nozomi", "dateUpdated": "2022-12-01T00:00:00"}, "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."}], "affected": [{"vendor": "Lanner Inc", "product": "IAC-AST2500A", "versions": [{"version": "1.10.0", "status": "affected"}]}], "references": [{"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/"}], "credits": [{"lang": "en", "value": "Andrea Palanca of Nozomi Networks found this bug during a security research activity."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/", "discovery": "EXTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:33:40.704Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/", "tags": ["x_transferred"]}, {"url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:lannerinc:iac-ast2500a_firmware:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DD71184-078B-4B7E-BCB5-11E55B5928B7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:lannerinc:iac-ast2500a:-:*:*:*:*:*:*:*", "matchCriteriaId": "9007683B-45DA-471A-9CCB-A587DED8D973", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0."}, {"lang": "es", "value": "Una vulnerabilidad de control de acceso rota en la funci\u00f3n FirstReset_handler_func de spx_restservice permite a un atacante enviar arbitrariamente comandos de reinicio al BMC, causando una condici\u00f3n de Denegaci\u00f3n de Servicio (DoS). Este problema afecta a: Lanner Inc IAC-AST2500A versi\u00f3n de firmware est\u00e1ndar 1.10.0"}], "id": "CVE-2021-26733", "lastModified": "2023-02-03T14:47:07.270", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}, "published": "2022-10-24T14:15:48.423", "references": [{"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1/"}, {"source": "prodsec@nozominetworks.com", "tags": ["Third Party Advisory"], "url": "https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26733/"}], "sourceIdentifier": "prodsec@nozominetworks.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "prodsec@nozominetworks.com", "type": "Secondary"}]}