What is CVE-2023-26602?

CVE-2023-26602 is a vulnerability in N/a. Published 2023-02-26.

Is CVE-2023-26602 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2023-26602

ASUS ASMB8 iKVM firmware through 1.14.51 allows remote attackers to execute arbitrary code by using SNMP to create extensions, as demonstrated by snmpset for NET-SNMP-EXTEND-MIB with /bin/sh for command execution.

EPSS: 0.701 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

D1G17/CVE-2023-26602
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
nomi-sec/PoC-in-GitHub

References

nwsec.de/NWSSA-002-2023.txt
packetstormsecurity.com/files/171137/ASUS-ASMB8-iKVM-1.14.51-SNMP-Remote-Root.h…
20230227 [NetworkSEC NWSSA] CVE-2023-26602: ASUS ASMB8 iKVM RCE and SSH Root Access (mailing-list)

Frequently asked questions

What is CVE-2023-26602?: CVE-2023-26602 is a vulnerability in N/a. Published 2023-02-26.
Is CVE-2023-26602 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.