• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
over a dozen new bmc firmware flaws expose ot and

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

You are here: Home / General Cyber Security News / Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks
November 28, 2022

Above a dozen security flaws have been identified in baseboard administration controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of points (IoT) networks to distant attacks.

BMC refers to a specialised provider processor, a technique-on-chip (SoC), which is identified in server motherboards and is used for remote checking and management of a host method, like doing very low-degree process functions this sort of as firmware flashing and ability command.

CyberSecurity

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Nozomi Networks, which analyzed an Smart System Management Interface (IPMC) from Taiwanese vendor Lanner Electronics, reported it uncovered 13 weaknesses affecting IAC-AST2500.

All the issues have an effect on model 1.10. of the regular firmware, with the exception of CVE-2021-4228, which impacts edition 1.00.. 4 of the flaws (from CVE-2021-26727 to CVE-2021-26730) are rated 10 out of 10 on the CVSS scoring system.

BMC Firmware Flaws

In individual, the industrial security company uncovered that CVE-2021-44467, an access management bug in the web interface, could be chained with CVE-2021-26728, a buffer overflow flaw, to reach remote code execution on the BMC with root privileges.

“When also taking into consideration that all procedures operate with root privileges on the device, the merged weaknesses empower an unauthenticated attacker to totally compromise both the BMC and the managed host,” the enterprise stated in a create-up released past week.

Lanner has considering the fact that produced an current firmware that addresses the vulnerabilities in issue adhering to responsible disclosure.

“BMCs depict an attractive way to conveniently observe and take care of computer units without demanding actual physical obtain, in the IT as perfectly as in the OT/IoT domain,” the scientists reported.

“Nevertheless, their usability comes at the price of a broader attack floor, and that may well lead to an enhance of the over-all risk if they are not sufficiently safeguarded.”

Observed this short article appealing? Stick to THN on Fb, Twitter  and LinkedIn to read through extra exceptional content material we article.


Some areas of this post are sourced from:
thehackernews.com

Previous Post: «Cyber Security News African Police Bust $800K Fraud Schemes
Next Post: Russian Sandworm Hackers Linked to New Ransomware Blitz Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.