Source: heimdalsecurity.com – Author: Livia Gyongyoși
Security Researchers warn about finding new vulnerabilities in the AMI MegaRAC Baseboard Management Controller (BMC) software. The flaws, rated from high to critical, open the way for threat actors to deploy malware and succeed in remote code execution (RCE).
Lots of top-tier manufacturers rely on MegaRAC BMC to provide “lights-out” administration for servers worldwide.
Researchers revealed the CVEs during the analysis of information leaked in the RansomExx ransomware attack that targeted GIGABYTE in August 2021.
More about the New AMI MegaRAC BMC Vulnerabilities
According to the researchers, the two flaws range in severity from high to critical. They can either be exploited remotely by hackers who have access to Redfish remote management interfaces, or from a compromised machine.
Both flaws rise huge risks for the supply chain that underlies cloud computing since they impact a large number of hardware vendors.
They can be exploited by remote attackers having access to Redfish remote management interfaces, or from a compromised host operating system.
The new vulnerabilities were dubbed:
- CVE-2023-34329 (CVSS score: 9.1) – Threat actors can exploit it for authentication bypass by spoofing the HTTP header. The result may be a loss of confidentiality, integrity, and availability.
- CVE-2023-34330 (CVSS score: 8.2) – This flaw allows threat actors to inject code and execute it through a Redfish interface. The risks are also loss of confidentiality, integrity, and availability.
Further Risks
Researchers warned that threat actors can chain together the two CVEs. In that case, the result would be remote code execution attacks on the BMC chip with the highest privileges. Furthermore, adding CVE-2022-40258 to the mix can enable hackers to crack passwords for the admin accounts on the BMC chip.
Researchers warn that this kind of attack can lead to malware deployment that enables long-term cyber espionage as it evades security software. Lateral movement is also a risk.
Additionally, exploiting CVE-2023-34329 and CVE-2023-34330 can lead to:
- remote deployment of ransomware,
- firmware implanting or bricking motherboard components,
- potential physical damage (over-voltage / bricking),
- perpetual reboot loops.
However, for the moment, researchers found no evidence that hackers exploited the vulnerabilities in the wild.
The two new vulnerabilities add to a set of 5 other flaws that impact AMI MegaRAC BMCs. Security researchers revealed the other vulnerabilities in December 2022 (CVE-2022-40259, CVE-2022-40242, and CVE-2022-2827) and January 2023 (CVE-2022-26872 and CVE-2022-40258).
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.
If you liked this post, you will enjoy our newsletter.
Get cybersecurity updates you’ll actually want to read directly in your inbox.
Original Post URL: https://heimdalsecurity.com/blog/new-ami-megarac-bmc-vulnerabilities/
Category & Tags: Cybersecurity News – Cybersecurity News
