Eclypsium Researchers Find 14 BMC Vulnerabilities
How can data center specialists avoid data leaks?
Two years ago, ransomware hackers infiltrated computer maker Gigabyte and publicly exposed more than 112 gigabytes of data, including information from important supply chain partners such as Intel and AMD. Recently, cybersecurity experts discovered serious vulnerabilities in BMC firmware that is used by millions of computers around the world. This very problem could have been the cause of the attack.
The vulnerabilities allow attackers to gain complete control over servers and carry out financially motivated or state-sponsored attacks: for example, deleting data, installing malware (trojans and spyware), or encrypting files.
The BMC (Baseboard Management Controller) is a special chip that simplifies server management, including remote (lights-out) management. With its help, administrators monitor the status of networks, update software, reboot the system, and so on. With a BMC, technicians don't need physical access to devices, which saves time and resources.
It turned out that the BMC can become an entry point for hackers if it is not properly protected. This is the conclusion reached by researchers from Eclypsium, who found at least 14 vulnerabilities by analyzing the BMC from AMI (American Megatrends International), one of the largest server software manufacturers.
An attack can be carried out by anyone who has access to the remote Redfish management interfaces or to an infected operating system on the server. Redfish is a new technology that replaces the old IPMI and allows equipment in modern data centers to be managed through a special software interface.
The vulnerabilities affect different aspects of the controllers, so attackers can use different methods of attack. For example:
- CVE-2023-34329 allows hackers to bypass login and password verification using HTTP request headers. This vulnerability is rated 9.9 out of 10 on the severity scale.
- CVE-2023-34330 allows an attacker to inject code into Redfish and run it on the server. It is rated 8.2 out of 10.
The researchers advise data center administrators using AMI BMC to check their servers for vulnerabilities and update the system if necessary. They also recommend additional security measures such as network segmentation, restricting access to the controller, and two-factor authentication.
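An added example, not part of the original article and not Eclypsium or AMI tooling: a Python audit of a BMC inventory against two of the recommendations above, patched firmware and network segmentation. The inventory records, the management CIDR and the minimum patched version are constructed placeholders (take the real version from the vendor advisory); `ManagerType` and `FirmwareVersion` are properties of the standard Redfish Manager resource.

```python
import ipaddress
import json

# Constructed inventory: each record pairs a BMC address with fields from the
# Redfish Manager resource (/redfish/v1/Managers/<id>) collected from it.
SAMPLE_INVENTORY = json.loads("""
[
  {"address": "10.20.0.11",   "manager": {"ManagerType": "BMC", "FirmwareVersion": "2.4.1"}},
  {"address": "10.20.0.12",   "manager": {"ManagerType": "BMC", "FirmwareVersion": "2.5.0"}},
  {"address": "192.168.7.40", "manager": {"ManagerType": "BMC", "FirmwareVersion": "2.6.3"}},
  {"address": "10.20.0.13",   "manager": {"ManagerType": "BMC", "FirmwareVersion": "unknown"}}
]
""")

def parse_version(text):
    """Return a tuple of ints for a dotted version, or None if unparseable."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

def audit(inventory, mgmt_cidr, min_patched):
    """Flag BMCs outside the management segment or below min_patched."""
    mgmt_net = ipaddress.ip_network(mgmt_cidr)
    floor = parse_version(min_patched)
    findings = []
    for rec in inventory:
        mgr = rec.get("manager", {})
        if mgr.get("ManagerType") != "BMC":
            continue  # only baseboard management controllers are in scope
        issues = []
        if ipaddress.ip_address(rec["address"]) not in mgmt_net:
            issues.append("outside-management-segment")
        version = parse_version(mgr.get("FirmwareVersion"))
        if version is None:
            # An unreadable version is a finding, not a pass.
            issues.append("firmware-version-unknown")
        elif version < floor:
            issues.append("firmware-below-patched")
        if issues:
            findings.append((rec["address"], issues))
    return findings

if __name__ == "__main__":
    # "10.20.0.0/24" and "2.5.0" are placeholders, not values from the article.
    for address, issues in audit(SAMPLE_INVENTORY, "10.20.0.0/24", "2.5.0"):
        print(address, ", ".join(issues))
```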
Source: www.securitylab.ru