May 26, 2022 - 1:18 p.m.

Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers

2022-05-26 13:18:00
The Hacker News
thehackernews.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe “Pantsdown” Baseboard Management Controller (BMC) flaw, according to new research published today.

“An attacker running code on a vulnerable QCT server would be able to ‘hop’ from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further permissions to other BMCs on the network and by doing that gaining access to other servers,” firmware and hardware security firm Eclypsium said.

A baseboard management controller is a specialized system used for remote monitoring and management of servers, including controlling low-level hardware settings as well as installing firmware and software updates.

Tracked as CVE-2019-6260 (CVSS score: 9.8), the critical security flaw came to light in January 2019 and relates to a case of arbitrary read and write access to the BMC’s physical address space, resulting in arbitrary code execution.

Successful exploitation of the vulnerability can provide a threat actor with full control over the server, making it possible to overwrite the BMC firmware with malicious code, deploy persistent malware, exfiltrate data, and even brick the system.

Impacted QCT server models include D52BQ-2U, D52BQ-2U 3UPI, and D52BV-2U, which come with BMC version 4.55.00 that runs a version of BMC software vulnerable to Pantsdown. Following responsible disclosure on October 7, 2021, a patch was made privately available to customers on April 15.

The fact that a three-year-old weakness still exists underscores the need to fortify firmware-level code by applying updates in a timely fashion and regularly scanning the firmware for potential indicators of compromise.

Firmware security is particularly crucial because components like BMCs have emerged as a lucrative target of cyberattacks aimed at planting stealthy malware such as iLOBleed, which is designed to completely wipe a victim server’s disks.

To mitigate such risks, organizations relying on QCT products should verify the integrity of their BMC firmware and update the component to the latest version as and when the fixes become available.

“Adversaries are getting increasingly comfortable wielding firmware-level attacks,” the company said. “What is important to note is how knowledge of firmware-level exploits has increased over the years: what was difficult in 2019 is almost trivial today.”
