Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers.
“The consequences of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and physical damage (bricking) of servers,” firmware and hardware security company Eclypsium said in a report shared with The Hacker News.
The BMC is a privileged, independent system within the server used to control low-level hardware settings and manage the host operating system, even in scenarios where the machine is powered off.
These features make the BMC an attractive target for threat actors looking to implant persistent malware on devices, malware that can survive operating system reinstalls and hard drive replacements.
Collectively dubbed BMC&C, the newly identified issues could be exploited by an attacker with access to remote management interfaces such as IPMI and Redfish to take control of the system and compromise the underlying cloud infrastructure.
The most severe of the issues is CVE-2022-40259 (CVSS score: 9.9), a case of arbitrary code execution via the Redfish API in which the attacker must already have a minimal level of access to the device (Callback privileges are sufficient).
CVE-2022-40242 (CVSS score: 8.3) relates to a hash for the sysadmin user that can be cracked and abused to gain administrative shell access. CVE-2022-2827 (CVSS score: 7.5), on the other hand, is a bug in the password reset feature that can be abused to determine whether an account with a particular username exists.
“[CVE-2022-2827] can identify existing users and does not lead to a shell, but it does provide attackers with a list of targets for brute force or credential stuffing attacks,” the researchers explained.
The findings of this study reinforce the importance of securing the firmware supply chain and avoiding direct exposure of BMC systems to the Internet.
“Data centers tend to standardize on specific hardware platforms, so a BMC-level vulnerability is likely to apply to a large number of devices, potentially impacting an entire data center and the services it provides. There is a possibility
The findings come as Binarly disclosed many high-impact vulnerabilities in AMI-based devices that could lead to memory corruption and arbitrary code execution during the early boot phase (i.e., the pre-EFI environment).
Earlier this May, Eclypsium also discovered a BMC flaw dubbed “Pantsdown” affecting Quanta Cloud Technology (QCT) servers, exploitation of which could allow an attacker to gain complete control of the device.