Vulnerabilities > Lannerinc > IAC Ast2500A Firmware > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-24 | CVE-2021-26733 | Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. | 7.5 |
| 2022-10-24 | CVE-2021-44467 | Unspecified vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. | 7.5 |
| 2022-10-24 | CVE-2021-46279 | Session Fixation vulnerability in Lannerinc Iac-Ast2500A Firmware 1.10.0 Session fixation and insufficient session expiration vulnerabilities allow an attacker to perfom session hijacking attacks against users. | 8.8 |