ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/171137/ASUS-ASMB8-iKVM-1.14.51-SNMP-Remote-Root.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2023/Feb/15 | Exploit Mailing List Third Party Advisory |
https://nwsec.de/NWSSA-002-2023.txt | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2023-02-26T00:00:00
Updated: 2023-02-28T00:00:00
Reserved: 2023-02-26T00:00:00
Link: CVE-2023-26602
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-02-26T20:15:10.697
Modified: 2023-03-07T19:07:11.717
Link: CVE-2023-26602
JSON object: View
Redhat Information
No data.
CWE