Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software


The Hacker News

Server and Cloud Security

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product.

Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations.

The issues, collectively tracked as BMC&C, could act as a springboard for cyber attacks, enabling threat actors to obtain remote code execution and unauthorized device access with superuser permissions.

The two new flaws in question are as follows -

  • CVE-2022-26872 (CVSS score: 8.3) - Password reset interception via API
  • CVE-2022-40258 (CVSS score: 5.3) - Weak password hashes for Redfish and API

Specifically, in the case of CVE-2022-40258, MegaRAC has been found to use the MD5 hashing algorithm with a global salt for older devices, or SHA-512 with per-user salts on newer appliances, potentially allowing a threat actor to crack the passwords.
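The difference between the two storage schemes, and a hardened alternative, shown as an added example that is not taken from AMI firmware or from Eclypsium's report. The account names, passwords, salt value and the salt-then-password layout are constructed assumptions; the point is that a global salt makes identical passwords produce identical stored hashes, while a memory-hard KDF with per-user salts avoids both that leak and fast guessing.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two of them share a password.
ACCOUNTS = {"admin": "Winter2023!", "operator": "Winter2023!", "audit": "x9$Lq-72fP"}
GLOBAL_SALT = b"constructed-global-salt"  # illustrative value, not from any firmware

def md5_global_salt(password: str) -> str:
    """Older-device style per the article: MD5 with one salt for every user.
    The salt||password layout is an assumption made for this example."""
    return hashlib.md5(GLOBAL_SALT + password.encode()).hexdigest()

def sha512_per_user(password: str, salt: bytes) -> str:
    """Newer-appliance style per the article: SHA-512 with a per-user salt,
    modelled here as a single pass (assumption)."""
    return hashlib.sha512(salt + password.encode()).hexdigest()

def scrypt_record(password: str, salt: bytes) -> bytes:
    """Hardened alternative: memory-hard KDF with a per-user random salt."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def verify_scrypt(password: str, salt: bytes, stored: bytes) -> bool:
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(scrypt_record(password, salt), stored)

def shared_hash_groups(hashes: dict) -> list:
    """Return sorted groups of users whose stored hashes are identical."""
    groups = defaultdict(list)
    for user, digest in hashes.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit():
    """Hash the sample accounts both ways and report colliding users."""
    salts = {u: os.urandom(16) for u in ACCOUNTS}
    legacy = {u: md5_global_salt(p) for u, p in ACCOUNTS.items()}
    newer = {u: sha512_per_user(p, salts[u]) for u, p in ACCOUNTS.items()}
    return shared_hash_groups(legacy), shared_hash_groups(newer)

if __name__ == "__main__":
    print(audit())
```

Per-user salts remove the collisions, but a single fast hash pass still permits high-rate offline guessing, which is why the hardened form uses scrypt.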

CVE-2022-26872, on the other hand, leverages an HTTP API to dupe a user into initiating a password reset by means of a social engineering attack, and set a password of the adversary’s choice.

CVE-2022-26872 and CVE-2022-40258 add to three other vulnerabilities disclosed in December, including CVE-2022-40259 (CVSS score: 9.9), CVE-2022-40242 (CVSS score: 8.3), and CVE-2022-2827 (CVSS score: 7.5).

It’s worth pointing out that the weaknesses are exploitable only in scenarios where the BMCs are exposed to the internet or in cases where the threat actor has already gained initial access into a data center or administrative network by other methods.

The blast radius of BMC&C is currently unknown, but Eclypsium said it’s working with AMI and other parties to determine the scope of impacted products and services.

Gigabyte, Hewlett Packard Enterprise, Intel, and Lenovo have all released updates to address the security defects in their devices. NVIDIA is expected to ship a fix in May 2023.

“The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),” Eclypsium noted.


Related news

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser

Firmware Flaws Could Spell 'Lights Out' for Servers

Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.


CVE-2022-26872

AMI MegaRAC Password reset interception via API

CVE-2022-40259

AMI MegaRAC Redfish Arbitrary Code Execution


CVE-2022-40242

MegaRAC Default Credentials Vulnerability

CVE-2022-2827

AMI MegaRAC User Enumeration Vulnerability

New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. "The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),"
