Supermicro BMCs Vulnerable to Compromise

Eclypsium researchers discovered vulnerabilities in the baseboard management controller (BMC) firmware of Supermicro motherboards. The vulnerabilities, dubbed “USBAnywhere,” are in the BMC’s virtual USB feature, which lets a system administrator plug a USB device into their own computer and have it appear as a virtual USB device attached to a remotely managed system, so data can be transferred from the local USB device to the remote system. The researchers found several flaws in the authentication used by the virtual media application. By exploiting one of them, a threat actor could interact with the BMC without valid credentials and potentially boot the machine from a malicious USB image, exfiltrate data to the USB device, or carry out other attacks against the BMC or the server it manages.

Threat actors can initiate these attacks remotely by scanning for BMCs with an open TCP port 623. A scan by the researchers determined that between 47,000 and 55,000 Supermicro BMCs are exposed online and at risk of exploitation.

The NJCCIC recommends that users and administrators of Supermicro BMCs install available patches as soon as possible and place BMCs on a private network that is not exposed to the internet. More information on the USBAnywhere vulnerabilities can be found in the Eclypsium blog post.
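The mitigation above comes down to two checks an administrator can run against their own BMC inventory: is every BMC address inside an approved, non-internet-facing management subnet, and is the virtual media port (TCP 623) reachable from anywhere it should not be. The script below is an added example written for this advisory, not code from Eclypsium, Supermicro or the NJCCIC; the inventory, the allowed management subnet and the host names are constructed values, and `is_port_reachable` is a plain TCP connect check meant to be run from a segment that should have no path to the BMCs.

```python
import ipaddress
import socket

# Constructed sample inventory (not from the advisory): BMC addresses as a
# defender might export them from an asset database.
SAMPLE_INVENTORY = {
    "rack1-node01-bmc": "10.20.0.11",
    "rack1-node02-bmc": "10.20.0.12",
    "lab-node-bmc": "192.0.2.45",     # documentation range, stands in for a public IP
    "rack2-node01-bmc": "172.16.5.7",
}

# Management subnet where BMCs are allowed to live (assumed value for this example).
ALLOWED_MGMT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# RFC 1918 ranges, listed explicitly so the check does not depend on the
# broader "special purpose" list behind ipaddress.is_private.
RFC1918_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

VIRTUAL_MEDIA_PORT = 623  # TCP port of the virtual media service named in the advisory


def classify_bmc(addr: str, allowed=ALLOWED_MGMT_NETS) -> str:
    """Return 'ok', 'misplaced' or 'public' for one BMC address.

    ok        - inside an approved management subnet
    misplaced - RFC 1918 address, but outside the approved management subnets
    public    - routable address; the BMC is a candidate for internet exposure
    """
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in allowed):
        return "ok"
    if any(ip in net for net in RFC1918_NETS):
        return "misplaced"
    return "public"


def audit_inventory(inventory: dict, allowed=ALLOWED_MGMT_NETS) -> dict:
    """Map each BMC name in the inventory to its placement finding."""
    return {name: classify_bmc(addr, allowed) for name, addr in inventory.items()}


def is_port_reachable(addr: str, port: int = VIRTUAL_MEDIA_PORT, timeout: float = 2.0) -> bool:
    """Live check: True if a TCP connection to addr:port succeeds from this host.

    Run it from a network segment that should have no path to the BMCs; a True
    result means the virtual media service is reachable from there and the BMC
    still needs to be isolated (or the firewall rule is missing).
    """
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Offline placement audit over the constructed inventory.
    for name, finding in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name:20s} {SAMPLE_INVENTORY[name]:16s} {finding}")
```

The placement audit runs offline against the inventory alone, so it can sit in a scheduled job; the live reachability check is the one to run after patching and network changes, from outside the management network, to confirm that TCP 623 is no longer answering.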
