Quanta Cloud Technology (QCT) servers have been identified as susceptible to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new investigate published right now.
“An attacker jogging code on a susceptible QCT server would be equipped to ‘hop’ from the server host to the BMC and go their attacks to the server management network, quite possibly continue on and acquire more permissions to other BMCs on the network and by doing that gaining accessibility to other servers,” firmware and components security firm Eclypsium explained.
A baseboard management controller is a specialized procedure employed for distant checking and management of servers, like controlling very low-degree hardware settings as nicely as installing firmware and computer software updates.
Tracked as CVE-2019-6260 (CVSS rating: 9.8), the critical security flaw came to light-weight in January 2019 and relates to a situation of arbitrary read and publish obtain to the BMC’s bodily deal with house, ensuing in arbitrary code execution.
Effective exploitation of the vulnerability can offer a menace actor with complete handle over the server, making it probable to overwrite the BMC firmware with destructive code, deploy persistent malware, exfiltrate knowledge, and even brick the process.
Impacted QCT server types involve D52BQ-2U, D52BQ-2U 3UPI, D52BV-2U, which come with BMC edition 4.55.00 that runs a edition of BMC software program susceptible to
Pantsdown. Adhering to dependable disclosure on October 7, 2021, a patch has been built privately accessible to customers on April 15.
The actuality that a a few-12 months-aged weakness however carries on to exist underscores the want to fortify firmware-degree code by applying updates in a timely manner and consistently scanning the firmware for likely indicators of compromise.
Firmware security is particularly vital in gentle of the simple fact that elements like BMC have emerged as a rewarding focus on of cyberattacks aimed at planting stealthy malware this sort of as iLOBleed which is developed to fully wipe a sufferer server’s disks.
To mitigate these kinds of threats, it really is reminded that companies relying on QCT products and solutions should confirm the integrity of their BMC firmware and update the component to the most current variation as and when the fixes come to be offered.
“Adversaries are receiving increasingly cozy wielding firmware-level attacks,” the corporation explained. “What is crucial to notice is how understanding of firmware-level exploits has greater in excess of the decades: what was difficult in 2019 is practically trivial now.”
Discovered this report interesting? Adhere to THN on Fb, Twitter and LinkedIn to browse extra special information we post.
Some parts of this short article are sourced from: