spx_restservice FirstReset_handler_func Broken Access Control
Description
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An unauthenticated attacker can remotely trigger a DoS on Lanner IAC-AST2500A BMC via broken access control in the FirstReset_handler_func function.
Vulnerability
A broken access control vulnerability exists in the FirstReset_handler_func function of the spx_restservice component in Lanner Inc IAC-AST2500A standard firmware version 1.10.0. The flaw allows an attacker to send reboot commands to the BMC without proper authentication or authorization checks [1], [2].
Exploitation
An unauthenticated remote attacker can exploit this vulnerability by sending crafted network requests to the BMC's REST service. No prior authentication or user interaction is required. The attacker targets the FirstReset_handler_func endpoint to issue reboot commands [1], [2].
Impact
Successful exploitation causes the BMC to reboot immediately, resulting in a Denial-of-Service (DoS) condition. The BMC becomes inaccessible to legitimate users until the reboot completes. This impacts the availability of the management interface and any dependent remote monitoring or management functions [1], [2].
Mitigation
Fixed firmware versions that address this vulnerability are available from Lanner technical support. Asset owners should contact Lanner to obtain the patched firmware and apply it to affected devices [1], [2].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- (no CPE) range: =1.10.0
- (no CPE) range: 1.10.0
Patches
No patches discovered yet.
References: 2
News mentions
No linked articles in our index yet.