Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw

A security flaw impacting the Lighttpd web server used in baseboard management controllers BMCs has remained unpatched by device vendors like Intel and Lenovo, new findings from Binarly reveal. While the original shortcoming was discovered and patched by the Lighttpd maintainers way back in Augus...

OpenBMCS 2.4 - Information Disclosure

Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your...

OpenBMCS 2.4 SQL Injection Vulnerability

OpenBMCS 2.4 Authenticated SQL Injection Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your business, the OpenBMCS software has the ability to expand to hundreds of controllers. Ou...

Dan Farmer Presents Research on IPMI Vulnerabilities

If enterprises are indeed moving services off premises and into the cloud, there are four letters those companies’ IT organizations should be aware of: IPMI. Short for Intelligent Platform Management Interface, these tiny computers live as an embedded Linux system attached to the motherboards of...

IPMI Vulnerabilities on BMCs expose servers to attack

Baseboard management controllers, embedded computers present in most servers, are vulnerable to a half dozen critical vulnerabilities that could enable an attacker to gain remote control over the host machine. The vulnerabilities are in the Intelligent Platform Management Interface IPMI protocol...