BMC Firmware Vulnerabilities Expose OT & IoT Networks to Remote Attacks
The discovery of vulnerabilities in Lanner’s BMC firmware has raised concerns regarding the security of OT and IoT networks. Nozomi Networks, a leading cybersecurity company, has identified 13 vulnerabilities that can be exploited remotely. This is particularly significant as Lanner’s firmware is widely used by prominent tech giants such as Asus, Dell, Lenovo, Gigabyte, and Nvidia. The exploitation of these vulnerabilities can result in remote code execution with root privileges, as well as the termination of active user sessions, leading to a denial-of-service condition. The attack chain involves a web application on Lanner expansion cards, which allows control of the host and BMC. In response to these findings, Lanner has released updated firmware versions to address the vulnerabilities. It is crucial for customers to promptly apply these patches or, if patching is not feasible, enforce network access control and firewall rules to restrict external access to the vulnerable asset. Taking these measures is imperative to mitigate the risk posed by these vulnerabilities.
Key Takeaways
- BMC firmware in Lanner’s network interface contains 13 vulnerabilities that can be exploited for remote attacks on OT and IoT networks.
- Tech giants like Asus, Dell, Lenovo, Gigabyte, and Nvidia use the vulnerable AMI BMC remote management firmware in their products.
- The vulnerabilities can lead to remote code execution with root privileges and the ability to terminate active sessions, causing a DoS condition.
- Lanner has developed updated firmware versions to address the vulnerabilities, and customers should contact their technical support department for the appropriate package. If patching is not possible, network access control and firewall rules should be enforced to mitigate the risk.
BMC Firmware Overview
BMC firmware, commonly used as a service processor in server motherboards, allows for remote monitoring, management, and low-level system operations, making it a critical component in OT and IoT networks. The recent discovery of 13 vulnerabilities in Lanner’s BMC firmware has raised concerns about the security of these networks. These vulnerabilities can be exploited by hackers to launch remote attacks, potentially leading to remote code execution with root privileges and causing a denial of service (DoS) condition. This poses a significant risk to critical infrastructure systems that rely on BMC firmware. To mitigate these risks, organizations should consider implementing potential mitigation strategies such as patching the firmware with updated versions provided by the vendor, enforcing network access control and firewall rules, and following recommended security practices. These measures can help protect OT and IoT networks from remote attacks using BMC firmware.
Impacted Tech Giants
Tech giants such as Asus, Dell, Lenovo, Gigabyte, and Nvidia are among the companies affected by the recently discovered vulnerabilities in the AMI remote management firmware they use. These vulnerabilities pose significant risks to their OT and IoT networks. The potential consequences of these vulnerabilities include remote code execution with root privileges and the ability for attackers to terminate active sessions, leading to denial-of-service conditions. To mitigate these risks, it is crucial for these tech giants to promptly address the vulnerabilities by applying the necessary firmware updates provided by the vendors. Additionally, network access control and firewall rules should be enforced so that the vulnerable assets cannot be reached from outside the organization. These mitigation strategies will help safeguard the OT and IoT networks of these tech giants against potential remote attacks.
Attack Chain
The attack chain for the discovered vulnerabilities exploits flaws in the web application used to control the host and service processor on Lanner expansion cards. Specifically, the vulnerabilities exist in the functionality that allows the termination of active user sessions. This functionality is implemented as an authenticated POST request to ‘/api/KillDupUsr’. The flaw lies in the fact that the ‘spx_restservice’ function does not verify user sessions, thus enabling unauthenticated attackers to exploit the vulnerability. These exploitation methods can have a significant impact on critical infrastructure, such as OT and IoT networks. Attackers can remotely execute code with root privileges and terminate active sessions of other users, causing a denial-of-service (DoS) condition. It is crucial for organizations to address these vulnerabilities promptly to mitigate the risk posed by potential remote attacks.
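For defenders, the missing session check described above can be watched for at the network edge. The following is an added example, not code from Nozomi Networks or Lanner: it scans reverse-proxy access logs for POSTs to ‘/api/KillDupUsr’ that come from outside the management network or from a source with no earlier successful login. The log layout, the management subnet and the login path are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re

# Assumptions (not from the article): log layout, management subnet, login path.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
LOGIN_PATH = "/api/session"       # assumed login endpoint; adjust per device
TARGET_PATH = "/api/KillDupUsr"   # session-termination endpoint named in the article

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = """\
10.20.0.15 - - [01/Feb/2023:09:00:01 +0000] "POST /api/session HTTP/1.1" 200 412
10.20.0.15 - - [01/Feb/2023:09:05:10 +0000] "POST /api/KillDupUsr HTTP/1.1" 200 17
10.20.0.44 - - [01/Feb/2023:09:07:33 +0000] "POST /api/KillDupUsr HTTP/1.1" 200 17
192.0.2.77 - - [01/Feb/2023:09:09:02 +0000] "POST /api/KillDupUsr HTTP/1.1" 200 17
10.20.0.15 - - [01/Feb/2023:09:10:00 +0000] "GET /api/KillDupUsr HTTP/1.1" 405 0
"""

def in_mgmt(src):
    """True if src is an IP address inside an allowed management network."""
    try:
        return any(ipaddress.ip_address(src) in net for net in MGMT_NETS)
    except ValueError:            # hostname or malformed field: treat as outside
        return False

def find_suspicious(log_text):
    """Return (timestamp, source, reasons) for each questionable KillDupUsr POST."""
    logged_in, alerts = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, method, path = m["src"], m["method"], m["path"].split("?")[0]
        if method == "POST" and path == LOGIN_PATH and m["status"] == "200":
            logged_in.add(src)    # source has established a session earlier in the log
        elif method == "POST" and path == TARGET_PATH:
            reasons = []
            if not in_mgmt(src):
                reasons.append("source outside management network")
            if src not in logged_in:
                reasons.append("no prior successful login from source")
            if reasons:
                alerts.append((m["ts"], src, reasons))
    return alerts
```

Correlating by source address is a heuristic: clients behind NAT share an address, so an alert is a prompt to review the request rather than proof of exploitation.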
Vendor Response
Lanner has taken prompt action in response to the reported vulnerabilities by developing updated firmware versions for the IAC-AST2500A. This demonstrates their commitment to addressing the security flaws and protecting their customers’ systems. However, it is important to assess the effectiveness of these updated firmware versions in addressing the vulnerabilities. Customers may face challenges in obtaining and implementing the appropriate firmware package, especially considering the strict dependency between the appliance in use and the required patched version. It is crucial for Lanner to provide clear instructions and support to their customers to ensure a smooth and successful patching process. Additionally, ongoing communication and collaboration between Lanner and their customers is essential to address any potential issues or concerns that may arise during the implementation of the updated firmware.
Patching Recommendations
To address the identified security flaws, it is recommended to promptly obtain and apply the appropriate firmware package provided by the vendor. Patching the BMC firmware vulnerabilities is crucial in ensuring the security of OT and IoT networks. By applying the updated firmware versions, organizations can mitigate the risk of remote attacks and potential exploitation of the vulnerabilities. Additionally, implementing network access control and firewall rules further enhances the security posture of these networks. Enforcing these measures keeps the vulnerable assets from being reachable from outside the organization, reducing the likelihood of unauthorized access and potential malicious activities. Failure to patch the BMC firmware vulnerabilities may lead to severe consequences, such as remote code execution with root privileges and the ability for attackers to terminate active user sessions, causing a denial-of-service condition. Therefore, organizations should prioritize patching and implementing network security measures to safeguard their OT and IoT networks.
Other Cyber Security News
Over 400 organizations were affected by the recent MOVEit hack, which involved the use of CL0P ransomware. This cyberattack resulted in significant cybersecurity implications. Additionally, hackers managed to steal over 8 million users’ data from a U.S. government services contractor. These incidents highlight the critical need for robust cybersecurity measures to protect sensitive information and prevent unauthorized access. In response to the growing threat landscape, Microsoft has provided a cryptojacking attack patterns checklist specifically designed for administrators and security professionals. This checklist serves as a valuable resource in identifying and mitigating the risks associated with cryptojacking attacks. By following Microsoft’s guidelines, organizations can enhance their security posture and safeguard their systems from this increasingly prevalent threat. It is crucial for organizations to prioritize cybersecurity practices and stay informed about the latest tools and techniques to effectively counteract evolving cyber threats.
Frequently Asked Questions
What is the specific firmware version affected by the vulnerabilities?
The specific firmware version affected by the vulnerabilities in the BMC firmware is not mentioned in the given information. It is advised to contact Lanner’s technical support department to obtain the appropriate firmware package.
Are there any known instances of these vulnerabilities being exploited in the wild?
There is no information available regarding specific instances of these vulnerabilities being exploited in the wild. However, the impact of these vulnerabilities on OT and IoT networks could be significant, as they can lead to remote code execution with root privileges and the termination of active user sessions.
How long did it take for Lanner to develop and release the updated firmware versions?
Lanner took an undisclosed amount of time to develop and release the updated firmware versions in response to the reported vulnerabilities. The specific challenges faced during the process are not mentioned in the given information.
Can the vulnerabilities in the BMC firmware be exploited remotely over the internet?
The vulnerabilities in the BMC firmware can be exploited remotely over the internet. If exploited, the potential consequences include remote code execution with root privileges and termination of active user sessions, leading to a denial-of-service condition. Organizations can proactively protect their OT and IoT networks by patching the firmware, enforcing network access control and firewall rules, and following vendor recommendations.
Are there any additional mitigation measures recommended for organizations that are unable to patch their firmware?
Alternative mitigation strategies should be implemented by organizations that are unable to patch their firmware. Unpatched firmware can have a significant impact on network security, leaving systems vulnerable to remote attacks and potential exploitation of the identified vulnerabilities.