Researchers disclose vulnerabilities in IP KVMs from four manufacturers
Summary
Ars Technica reports nine vulnerabilities across IP KVMs from four manufacturers, with some flaws permitting unauthenticated root access and other high-severity issues. The piece underscores the risk of Internet-facing IP KVMs and provides CVE details, patch status, and vendor-specific notes, while recommending inventory, strong authentication, VPN usage, and network scanning to mitigate exposure. It also highlights that Angeet/Yeeso devices have no fixes yet and that over 1,300 IP KVMs were seen on the Internet in a scan.