• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
critical 'pantsdown' bmc vulnerability affects qct servers used in data

Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers

You are here: Home / General Cyber Security News / Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers
May 26, 2022

Quanta Cloud Technology (QCT) servers have been identified as susceptible to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new investigate published right now.

“An attacker jogging code on a susceptible QCT server would be equipped to ‘hop’ from the server host to the BMC and go their attacks to the server management network, quite possibly continue on and acquire more permissions to other BMCs on the network and by doing that gaining accessibility to other servers,” firmware and components security firm Eclypsium explained.

A baseboard management controller is a specialized procedure employed for distant checking and management of servers, like controlling very low-degree hardware settings as nicely as installing firmware and computer software updates.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


CyberSecurity

Tracked as CVE-2019-6260 (CVSS rating: 9.8), the critical security flaw came to light-weight in January 2019 and relates to a situation of arbitrary read and publish obtain to the BMC’s bodily deal with house, ensuing in arbitrary code execution.

Effective exploitation of the vulnerability can offer a menace actor with complete handle over the server, making it probable to overwrite the BMC firmware with destructive code, deploy persistent malware, exfiltrate knowledge, and even brick the process.

Impacted QCT server types involve D52BQ-2U, D52BQ-2U 3UPI, D52BV-2U, which come with BMC edition 4.55.00 that runs a edition of BMC software program susceptible to

Pantsdown. Adhering to dependable disclosure on October 7, 2021, a patch has been built privately accessible to customers on April 15.

The actuality that a a few-12 months-aged weakness however carries on to exist underscores the want to fortify firmware-degree code by applying updates in a timely manner and consistently scanning the firmware for likely indicators of compromise.

CyberSecurity

Firmware security is particularly vital in gentle of the simple fact that elements like BMC have emerged as a rewarding focus on of cyberattacks aimed at planting stealthy malware this sort of as iLOBleed which is developed to fully wipe a sufferer server’s disks.

To mitigate these kinds of threats, it really is reminded that companies relying on QCT products and solutions should confirm the integrity of their BMC firmware and update the component to the most current variation as and when the fixes come to be offered.

“Adversaries are receiving increasingly cozy wielding firmware-level attacks,” the corporation explained. “What is crucial to notice is how understanding of firmware-level exploits has greater in excess of the decades: what was difficult in 2019 is practically trivial now.”

Discovered this report interesting? Adhere to THN on Fb, Twitter  and LinkedIn to browse extra special information we post.


Some parts of this short article are sourced from:
thehackernews.com

Previous Post: «Cyber Security News 18 Oil and Gas Companies Take Cyber Resilience Pledge
Next Post: AVG AntiVirus Free review: Great malware protection, though the upsell is a turn-off avg antivirus free review: great malware protection, though the upsell»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.