BMC (Baseboard Management Controller) firmware from Lanner has been found to contain over a dozen vulnerabilities that could allow remote attacks to be launched against OT and IoT networks.
While analyzing an IPMC from Lanner Electronics (a Taiwanese vendor), Nozomi Networks discovered 13 vulnerabilities that affect the IAC-AST2500 network interface.
BMCs are service processors, commonly implemented as a system-on-chip (SoC) on server motherboards, that integrate with the server peripherals.
A BMC makes it possible to monitor and manage a host system remotely and to perform low-level system operations remotely, such as flashing firmware and controlling the power supply.
Researchers discovered thirteen vulnerabilities in the web interface of the IAC-AST2500A, which are listed below:
Except for CVE-2021-4228, which affects version 1.00.0, all of the issues affect version 1.10.0 of the standard firmware. According to the CVSS scoring system, there are four flaws that are rated as ten out of ten.
In addition to network appliances, the vendor provides rugged computing platforms and rugged network appliances that are designed to withstand harsh environments.
AMI’s BMC remote management firmware is used by several tech giants, which are listed below:
The Lanner expansion card comes with a web application that can be used to control both the host and the BMC.
As a consequence of the following two flaws, an unauthenticated attacker may be able to achieve remote code execution (RCE) on a BMC with root privileges:
During the login process, the web application asks the user, through a confirmation dialog, whether to terminate any other active session on the logged-in account.
This functionality is implemented through the following authenticated POST request:
The request is handled entirely by “KillDupUsr_func,” a function of the following service:
This function does not verify the user session, even though the QSESSIONID cookie is present in the POST request. Unauthenticated attackers can exploit this flaw (CVE-2021-44467) to end the active sessions of other users with impunity, causing a DoS condition.
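The missing check described above, modeled as an added example that is not Lanner's firmware code or Nozomi's: an in-memory session table with the unchecked handler pattern beside a hardened one. The `SessionStore` class, the function names, the status codes and the client-supplied `username` field are assumptions made for illustration; only the `QSESSIONID` cookie name comes from the article.

```python
import secrets


class SessionStore:
    """Constructed stand-in for the web application's session table."""

    def __init__(self):
        self.sessions = {}  # session id -> account name

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        return sid

    def drop(self, sids):
        for sid in sids:
            del self.sessions[sid]
        return len(sids)


def kill_dup_unchecked(store, cookies, username):
    """Pattern the article describes: the cookie arrives but is never validated,
    so any caller can end every session of the named account (assumed field)."""
    victims = [s for s, u in store.sessions.items() if u == username]
    return 200, store.drop(victims)


def kill_dup_checked(store, cookies):
    """Hardened form: the account is derived from a validated QSESSIONID,
    never from client input, and the caller's own session is kept."""
    caller_sid = cookies.get("QSESSIONID")
    account = store.sessions.get(caller_sid)
    if account is None:
        return 401, 0  # missing, expired or forged session: change nothing
    victims = [s for s, u in store.sessions.items()
               if u == account and s != caller_sid]
    return 200, store.drop(victims)


if __name__ == "__main__":
    store = SessionStore()
    old, new = store.login("admin"), store.login("admin")
    print(kill_dup_checked(store, {"QSESSIONID": "forged"}))  # rejected
    print(kill_dup_checked(store, {"QSESSIONID": new}))       # ends only `old`
```

The hardened handler also removes the cross-account case: a valid session for one account cannot end sessions that belong to another.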
The vendor, Lanner, developed updated firmware versions for the IAC-AST2500A after receiving the security report regarding these 13 vulnerabilities.
There is a strict dependency between the appliance in use and the patched version that is required. So, in order to receive the appropriate package, Lanner customers were advised to contact their technical support department.
Users who are not able to patch their appliances are advised to enforce network access control and firewall rules. This prevents the asset from being reached from outside the organization's network.