CVE-2021-45925 An attacker can guess legitimate user names registered in the BMC.

Affects all IAC products that run on Lanner BMCs.

The IAC login process is vulnerable to an attack that allows an attacker to force the authentication of a user in the IAC system by injecting a valid user name that is registered in the IAC system. This issue affects:

IAC-ACM5-RX standard firmware version 6.2.2.

IAC-ACM5-RX standard firmware version 6.3.0.

IAC-ACM5-RX standard firmware version 6.4.0.

IAC-ACM5-RX standard firmware version 6.5.0.

IAC-ACM5-RX standard firmware version 6.6.0.

IAC-ACM5-RX standard firmware version 6.7.0.

IAC-ACM5-RX standard firmware version 6.8.0.

IAC-ACM5-RX standard firmware version 6.9.0.

IAC-ACM5-RX standard firmware version 6.10.0.

IAC-ACM5-RX standard firmware version 6.11.0.

IAC-ACM5-RX standard firmware version 6.12.0.

IAC-ACM5-R

IAC Login Process Vulnerability Summary

An attacker may exploit a vulnerability in the IAC login process to force the authentication of a user in the IAC system. This issue affects all products that run on Lanner BMCs, including all IAC products that run on Lanner BMCs.

Is IAC using a Lanner BMC?

Yes. All IAC products that run on Lanner BMCs.
