Security
Headlines
HeadlinesLatestCVEs

Headline

New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers. “The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),”

The Hacker News
#vulnerability#ios#mac#rce#The Hacker News

Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers.

“The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),” firmware and hardware security company Eclypsium said in a report shared with The Hacker News.

BMCs are privileged independent systems within servers that are used to control low-level hardware settings and manage the host operating system, even in scenarios when the machine is powered off.

These capabilities make BMCs an enticing target for threat actors looking to plant persistent malware on devices that can survive operating system reinstalls and hard drive replacements.

Collectively called BMC&C, the newly identified issues can be exploited by attackers having access to remote management interfaces (IPMI) such as Redfish, potentially enabling adversaries to gain control of the systems and put cloud infrastructures at risk.

The most severe among the issues is CVE-2022-40259 (CVSS score: 9.9), a case of arbitrary code execution via the Redfish API that requires the attacker to already have a minimum level of access on the device (Callback privileges or higher).

CVE-2022-40242 (CVSS score: 8.3) relates to a hash for a sysadmin user that can be cracked and abused to gain administrative shell access, while CVE-2022-2827 (CVSS score: 7.5) is a bug in the password reset feature that can be exploited to determine if an account with a specific username exists.

"[CVE-2022-2827] allows for pinpointing pre-existing users and does not lead into a shell but would provide an attacker a list of targets for brute-force or credential stuffing attacks," the researchers explained.

The findings once again underscore the importance of securing the firmware supply chain and ensuring that BMC systems are not directly exposed to the internet.

“As data centers tend to standardize on specific hardware platforms, any BMC-level vulnerability would most likely apply to large numbers of devices and could potentially affect an entire data center and the services that it delivers,” the company said.

The findings come as Binarly disclosed multiple high-impact vulnerabilities in AMI-based devices that could result in memory corruption and arbitrary code execution during early boot phases (i.e., a pre-EFI environment).

Earlier this May, Eclypsium also uncovered what’s called a “Pantsdown” BMC flaw impacting Quanta Cloud Technology (QCT) servers, a successful exploitation of which could grant attackers full control over the devices.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Related news

Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software, nearly two months after three security vulnerabilities were brought to light in the same product. Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations. The issues, collectively

Firmware Flaws Could Spell 'Lights Out' for Servers

Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.

CVE-2022-2827

AMI MegaRAC User Enumeration Vulnerability

CVE-2022-40259

AMI MegaRAC Redfish Arbitrary Code Execution

CVE-2022-40259

AMI MegaRAC Redfish Arbitrary Code Execution

CVE-2022-40242

MegaRAC Default Credentials Vulnerability