← back
CVE-2023-26602

CVE-2023-26602

EPSS 17.4%
ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/171137/ASUS-ASMB8-iKVM-1.14.51-SNMP-Remote-Root.htmlunverifiedexploitdbwww.exploit-db.com/exploits/52244unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171137/ASUS-ASMB8-iKVM-1.14.51-SNMP-Remote-Root.htmlhttp://seclists.org/fulldisclosure/2023/Feb/15https://nwsec.de/NWSSA-002-2023.txt