New Baseboard Management Controller Firmware Flaws
Reading Time: 2 minutes

According to Nozomi Networks, a dozen new Baseboard Management Controller Firmware flaws have been discovered that expose operational technology (OT) and internet of things (IoT) networks to remote attacks.

While analyzing an Intelligent Platform Management Interface (IPMC) from Taiwanese vendor Lanner Electronics, Nozomi Networks uncovered 13 weaknesses affecting IAC-AST2500.

The BMC firmware is a specialized service processor, a system-on-chip (SoC), present on server motherboards and used for remote monitoring and management of a host system. Additionally, it is used to perform low-level system operations such as firmware flashing and power control.

The latest flaws affect version 1.10.0 of the standard firmware, with the exception of CVE-2021-4228, which impacts version 1.00.0. Four of the flaws (from CVE-2021-26727 to CVE-2021-26730) are rated 10 out of 10 on the CVSS scoring system.

While the CVE-2021-44467 vulnerability is an access control bug in the web interface, which can be chained with CVE-2021-26728, a buffer overflow flaw, to achieve remote code execution on the BMC with root privileges.New Baseboard Management Controller Firmware Flaws_1The company in a write-up published last week said, “When also considering that all processes run with root privileges on the device, the combined weaknesses enable an unauthenticated attacker to completely compromise both the BMC and the managed host.”

An updated firmware has been released by Lanner, it will address the vulnerabilities in question following responsible disclosure.

The researchers found that BMCs represent an attractive way to conveniently monitor and manage systems without requiring physical access, in the IT sector as well as in other industries, such as manufacturing and transportation.

They further added, “However, they are less secure in the face of a broad range of potential attacks.”

Related Articles:
Dell, HP, and Lenovo Devices Using Outdated OpenSSL Versions
iSpoof Phone Spoofing Service – UK Police Nab 142 Individuals Linked
Latest Variant RansomExx Ransomware Rewritten in the Rust Programming Language