Intel on the elimination of 22 vulnerabilities in the firmware of their server motherboards, server systems and computing modules. Three vulnerabilities, one of which is assigned a critical level, ( - CVSS 9.6, - CVSS 8.3, – CVSS 4.7) in the firmware of the Emulex Pilot 3 BMC controller used in Intel products. The vulnerabilities allow unauthenticated access to the remote management console (KVM), bypass authentication when emulating USB storage devices, and cause a remote buffer overflow in the Linux kernel used in BMC.
Vulnerability CVE-2020-8708 allows an unidentified attacker who has access to a local network segment shared with a vulnerable server to gain access to the BMC control environment. It is noted that the technique for exploiting the vulnerability is very simple and reliable, since the problem is caused by an architectural error. Moreover, by The researcher who discovered the vulnerability makes working with BMC through an exploit much more convenient than using a standard Java client. Affected hardware includes Intel R1000WT, R2000WT, R1000SP, LSVRP, LR1304SP, R1000WF, and R2000WF server system families, S2600WT, S2600CW, S2600KP, S2600TP, S1200SP, S2600WF, S2600ST, and S motherboards. 2600BP and HNS2600KP, HNS2600TP, and HNS2600BP compute modules . The vulnerabilities were fixed in firmware update 1.59.
According to unofficial firmware for BMC Emulex Pilot 3 is written by AMI, so manifestation of vulnerabilities on systems of other manufacturers. The problems are present in external patches to the Linux kernel and in the user-space control process, the code of which is characterized by the researcher who discovered the problem as the worst code that he had ever encountered.
Recall that BMC is a specialized controller installed in servers that has its own CPU, memory, storage and sensor polling interfaces, which provides a low-level interface for monitoring and controlling server hardware. With the help of BMC, regardless of the operating system running on the server, you can monitor the status of sensors, manage power, firmware and disks, organize remote boot over the network, ensure the operation of the remote access console, etc.
Source: opennet.ru