ClickCease Supply chain vulnerabilities put server ecosystem at risk

Join Our Popular Newsletter

Join 4,500+ Linux & Open Source Professionals!

2x a month. No spam.

Supply chain vulnerabilities put server ecosystem at risk

Obanla Opeyemi

December 23, 2022 - TuxCare expert team

Eclypsium Research has identified and reported three vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software.

This is used by AMD, Ampere, Asrock, Asus, Arm, Dell, Gigabyte, HPE, Huawei, Inspur, Lenovo, Nvidia, Qualcomm, Quanta, and Tyan and could allow remote code execution on vulnerable servers.

“The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),” Eclypsium said in a blog post.

Eclypsium’s AMI and BMC research resulted in the discovery of three vulnerabilities, which the company refers to as BMC&C. The flaws can be dangerous both to personal devices, and cloud services and data centers services.

The most serious vulnerability is CVE-2022-40259 (CVSS score:9.9), an arbitrary code execution via Redfish API that requires the intruder to have a minimum level of access on the device. While CVE-2022-40242(CVSS score:8.3) has a connection with a hash in /etc/shadow for the sysadmin user, and CVE-2022-2827 (CVSS 7.5) enables hackers to check for the existence of user profiles by generating a random list of possible account names.

Attackers with access to remote management interfaces (IPMI) such as Redfish can exploit the newly discovered issues, potentially allowing adversaries to gain control of the systems and jeopardize cloud infrastructures.

Nate Warfield, Eclypsium’s director of intelligence and threat research, stated that the attack is carried out using server management tools and that the threat actor only needs remote access to the vulnerable server.

“Attackers need remote access to the BMC. The vulnerabilities are trivial to exploit, and only one of the three requires some level of privilege,” Warfield explained. “Organizations with large server farms, data centers and potentially cloud and hosting providers are particularly vulnerable for this kind of exploit.”

“These vulnerabilities could be exploited by an attacker that has gained initial access into a data center or administrative network. As data centers tend to standardize on specific hardware platforms, any BMC-level vulnerability would most likely apply to large numbers of devices and could potentially affect an entire data center and the services that it delivers,” Eclypsium said.

 

The sources for this piece include an article in SCMedia.

Summary
Supply chain vulnerabilities put server ecosystem at risk
Article Name
Supply chain vulnerabilities put server ecosystem at risk
Description
Researchers have identified three vulnerabilities in American Megatrends, Inc. (AMI) MegaRAC Baseboard Management Controller (BMC) software.
Author
Publisher Name
TuxCare
Publisher Logo

Looking to automate vulnerability patching without kernel reboots, system downtime, or scheduled maintenance windows?

Learn About Live Patching with TuxCare

Related Articles

How GPT models can be...

According to CyberArk researchers, GPT-based models like ChatGPT can be...

January 30, 2023

Attackers actively exploit Unpatched Control...

Malicious hackers have started exploiting a critical vulnerability CVE-2022-44877 in...

January 27, 2023

Attackers distribute malware via malicious...

Deep Instinct researchers reported that RATs like StrRAT and Ratty...

January 26, 2023

CircleCI partners AWS to identify...

According to CircleCI’s CTO, Rob Zuber, CircleCI is working with...

January 25, 2023

Cisco warns of authentication bypass...

A remote attacker could exploit multiple vulnerabilities in four Cisco...

January 24, 2023

IceID malware infiltrates Active Directory...

In a notable IcedID malware attack, the assailant impacted the...

January 23, 2023