BMC Vulnerabilities Expose Supermicro Servers to Remote USB-Attacks

Sep 3, 2019 by iHash Leave a Comment

Enterprise servers powered by Supermicro motherboards can remotely be compromised by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News.

Yes, that’s correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick up an unknown, untrusted USB drive and plug it into their computer.

Collectively dubbed “USBAnywhere,” the attack leverages several newly discovered vulnerabilities in the firmware of BMC controllers that could let an unauthorized, remote attacker connect to a Supermicro server and virtually mount malicious USB device.

A baseboard management controller (BMC), embedded in the majority of server chipsets, is the hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities; it allows sysadmins to remotely control and monitor a server without having to access the operating system or the applications running on it.

In other words, a BMC is an out-of-band management system that lets admins remotely reboot a device, analyze logs, install an operating system, and update the firmware, making it one of the most privileged components in enterprise technology today.

One such BMC capability is virtual media, which connects a disk image to a remote server as a virtual USB CD-ROM or floppy drive.

According to a report published today by Eclypsium and shared with The Hacker News prior to the publication, BMCs on Supermicro X9, X10, and X11 platforms use an insecure implementation to authenticate the client and transport USB packets between client and server.

BMC Vulnerabilities

These weaknesses, listed below, can easily be exploited by a remote attacker to bypass the authentication process of the virtual media service listening on TCP port 623, or to intercept traffic and recover BMC credentials that are either weakly encrypted or entirely unencrypted.

  • Plaintext Authentication
  • Unencrypted Network Traffic
  • Weak Encryption
  • Authentication Bypass (X10 and X11 platforms only)

“When accessed remotely, the virtual media service allows plaintext authentication, sends most traffic unencrypted, uses a weak encryption algorithm for the rest, and is susceptible to an authentication bypass,” the researchers explain.

“These issues allow an attacker to easily gain access to a server, either by capturing a legitimate user’s authentication packet, using default credentials, and in some cases, without any credentials at all.”

Once connected, the compromised virtual media service lets attackers interact with the host system as a raw USB device, allowing them to do everything that can be done with physical access to a USB port, including:

  • data exfiltration,
  • malware implantation,
  • booting from untrusted OS images,
  • direct manipulation of the system via a virtual keyboard and mouse, and
  • disabling the device entirely.

According to the researchers, a scan of TCP port 623 across the Internet revealed more than 47,000 BMCs from over 90 different countries with the affected BMC firmware virtual media service publicly accessible.

Besides exploiting BMCs whose virtual media service is directly exposed to the Internet, these flaws can also be exploited by an attacker with access to a closed corporate network, or by a man-in-the-middle attacker on the client-side network.

The researchers reported their findings to Supermicro in June and July this year. The company acknowledged the issues in August and publicly released a firmware update for their X9, X10 and X11 platforms before September 3rd.

Organizations are therefore encouraged to update their BMC firmware as soon as possible. It is also important to ensure that BMCs are never directly exposed to the Internet, as direct exposure greatly increases the likelihood of such attacks.
