All IAC products that run on Lanner BMCs.

The IAC login process is vulnerable to an attack that allows an attacker to force the authentication of a user in the IAC system by injecting a valid user name that is registered in the IAC system. This issue affects: IAC-ACM5-RX standard firmware version 6.2.2.

IAC-ACM5-RX standard firmware version 6.3.0.

IAC-ACM5-RX standard firmware version 6.4.0.

IAC-ACM5-RX standard firmware version 6.5.0.

IAC-ACM5-RX standard firmware version 6.6.0.

IAC-ACM5-RX standard firmware version 6.7.0.

IAC-ACM5-RX standard firmware version 6.8.0.

IAC-ACM5-RX standard firmware version 6.9.0.

IAC-ACM5-RX standard firmware version 6.10.0.

IAC-ACM5-RX standard firmware version 6.11.0.

IAC-ACM5-RX standard firmware version 6.12.0.

IAC-ACM5-R

IAC Login Process Vulnerability - CVE-2021-45925

The IAC login process is vulnerable to an attack that allows an attacker to force the authentication of a user in the IAC system by injecting a valid user name that is registered in the IAC system. This issue affects: IAC-ACM5-RX standard firmware version 6.2.2.
IAC-ACM5-RX standard firmware version 6.3.0.
IAC-ACM5-RX standard firmware version 6.4.0.
IAC-ACM5-RX standard firmware version 6.5.0.
IAC-ACM5-RX standard firmware version 6.6.0.
IAC-ACM5-RX standard firmware version 6.7.0.
IAC-ACM5-RX standard firmware version 6.8.0.
IAC-ACM5-RX standard firmware version 6.9.0.
IAC-ACM5-RX standard firmware version 6.10.0.
IAC-ACM5-RX standard firmware version 6.11.0.
IAC-ACM5-RX standard firmware version 6.12.0.

IAC Login Process Vulnerability Summary

An attacker may exploit a vulnerability in the IAC login process to force the authentication of a user in the IAC system. This issue affects all products that run on Lanner BMCs, including all IAC products that run on Lanner BMCs.

Is IAC using a Lanner BMC?

Yes. All IAC products that run on Lanner BMCs.

Timeline

Published on: 10/24/2022 14:15:00 UTC
Last modified on: 10/24/2022 18:28:00 UTC

References