CVE-2021-26733 The FirstReset_handler_func function in spx_restservice has a broken access control vulnerability that allows an attacker to send reboot commands and cause a DoS.
Standard firmware version 1.10.0 is not affected by this issue. There is no patch available. Workaround: Update the BMC to standard firmware version 1.10.1 or greater. Fix: spx_restservice was updated to address a potential Denial-of-Service (DoS) condition in the FirstReset_handler_func function. The issue has been classified as a Broken Access Control vulnerability by Lanner, and patched in standard firmware version 1.10.1. What to do next? Update to the latest available firmware version.
CVE-2018-2122 spx_restservice is vulnerable to a Sybil attack due to the lack of authentication verification in the spx_restservice. What to do next? Update the BMC to the latest available firmware.
CVE-2018-2121 Multiple issues exist in the spx_restservice that could allow an attacker to remotely execute commands on the BMC. What to do next? Update the BMC to the latest available firmware.
CVE-2018-2119 The spx_restservice sends the administrator’s login information in the spx_batt_info parameter. What to do next? Ensure that the login information is not sent in the spx_batt_info parameter.
CVE-2018-2118 The spx_restservice sends the administrator’s password in the spx_restservice_password parameter. What to do next
Patching for Vulnerable Firmware Instance
There is no patch available. Workaround: Update the BMC to standard firmware version 1.10.1 or greater.
Timeline
Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/24/2022 18:04:00 UTC