Supermicro IPMI Firmware Vulnerabilities Disclosed

Wajahat Raja

October 18, 2023 - TuxCare expert team

A number of security flaws have recently been discovered in Supermicro’s baseboard management controllers (BMCs). These Supermicro IPMI firmware vulnerabilities in the Intelligent Platform Management Interface (IPMI) pose serious risks, including privilege escalation and the execution of malicious code on affected systems. In this blog, we go through the specifics of these vulnerabilities, their repercussions, and the steps taken to address them.

Understanding Supermicro IPMI Firmware Vulnerabilities

Before we get into the security flaws in Supermicro IPMI firmware, it’s important to understand the components involved. BMCs, or baseboard management controllers, are specialized processors integrated into server motherboards. Their primary purpose is to facilitate remote management tasks, allowing system administrators to monitor hardware metrics, adjust fan speeds, and update system firmware even when the host operating system is offline.

IPMI Firmware Vulnerability Disclosure

The Supermicro server vulnerabilities, numbered CVE-2023-40284 through CVE-2023-40290, have severity ratings ranging from High to Critical. Binarly, the firmware security firm that reported them, has classified them as follows:

  1. CVE-2023-40284, CVE-2023-40287, and CVE-2023-40288 (CVSS scores: 9.6): These three vulnerabilities are categorized as cross-site scripting (XSS) flaws. They allow remote, unauthenticated attackers to execute arbitrary JavaScript code as a logged-in BMC user.
  2. CVE-2023-40285 and CVE-2023-40286 (CVSS score: 8.6): These two vulnerabilities are also XSS flaws, but they allow attackers to execute arbitrary JavaScript code by tampering with browser cookies or local storage, again within the context of a logged-in BMC user.
  3. CVE-2023-40289 (CVSS score: 9.1): This vulnerability represents an operating system command injection flaw. It allows malicious code to be executed by a user with administrative access, making it especially dangerous.
  4. CVE-2023-40290 (CVSS score: 8.3): This XSS vulnerability allows remote, unauthenticated attackers to execute arbitrary JavaScript code, but it is most effective when using Internet Explorer 11 on a Windows browser.

CVE-2023-40289 stands out as “critical” among these vulnerabilities because it allows an authenticated attacker to obtain root access and fully compromise the BMC. This elevated privilege lets attackers persist, even across BMC reboots, and move laterally within the compromised infrastructure, infecting new endpoints.

Exploitation Scenarios

Understanding how the IPMI firmware flaws can be exploited remotely is the first step in devising effective mitigation measures. The XSS vulnerabilities, specifically CVE-2023-40284, CVE-2023-40287, and CVE-2023-40288, can be exploited to create an account with administrative privileges on the BMC IPMI software’s web server component.

In a hypothetical scenario, a remote attacker might chain these flaws with CVE-2023-40289 to execute code on the BMC. This could take the form of a phishing email, sent to an administrator’s account, that contains a malicious link. When the administrator, who is logged in to the BMC web interface, clicks the URL, the XSS payload executes in their session, and the resulting administrative access can then be used to trigger the command injection and compromise the system.

It is worth noting that there has been no evidence of malicious exploitation of these vulnerabilities in the wild as of yet. However, as of October 2023, Binarly had recorded over 70,000 instances of internet-exposed Supermicro IPMI web interfaces, which makes the exposed attack surface considerable.

The Road to Exploitation


Binarly has outlined a plausible attack path. Initially, an attacker could remotely breach the BMC by exploiting the weaknesses in the web server component wherever it is exposed to the internet. From there, the attacker could gain access to the server’s host operating system, either through the legitimate iKVM remote-control functionality of the BMC or by implanting malicious firmware into the target machine’s UEFI. This would give them persistent control over the host OS, allowing lateral movement inside the internal network and the compromise of further devices.

Conclusion

The disclosure of these security flaws in Supermicro systems highlights the continuous need for strong cybersecurity measures. Supermicro responded quickly by issuing a firmware update that fixes these issues. However, organizations must proactively inventory and patch their BMCs, and keep IPMI interfaces off the public internet, to avoid possible exploitation.

When it comes to safeguarding your Supermicro systems, applying the mitigations for these Supermicro IPMI vulnerabilities is paramount. Patching solutions can help you reduce downtime, maintain compliance, and keep your business running. While there is currently no evidence of hostile activity, staying vigilant and taking the required steps is vital to protecting critical infrastructure.

The sources for this piece include articles in The Hacker News and SecurityWeek.
