Remote attacks stand to be the most prevalent danger. The cybersecurity company claimed that Lanner has developed fixes that should address the 13 vulnerabilities, but it also mentioned that it found more problems during its study that are still being repaired.
Baseboard management controller (BMC) firmware from Lanner has been found to include more than a dozen security holes that may allow remote attackers to access operational technology (OT) and internet of things (IoT) networks.
The term “BMC” refers to a system-on-chip (SoC), or specialised service processor, that is used in server motherboards for remote monitoring and management of a host system. This includes carrying out low-level system tasks like firmware flashing and power control.
IAC-AST2500 was found to have 13 vulnerabilities, according to Nozomi Networks, which examined an Intelligent Platform Management Interface (IPMC) from Taiwanese manufacturer Lanner Electronics. Except for CVE-2021-4228, which affects version 1.00.0 of the standard firmware, all of the flaws affect version 1.10.0. From CVE-2021-26727 through CVE-2021-26730, four of the defects have a CVSS rating of 10 out of 10.
The industrial security firm discovered that remote code execution with root rights on the BMC was possible by combining CVE-2021-26728, a buffer overflow vulnerability, with CVE-2021-44467, an access control fault in the web interface. After responsible disclosure, Lanner has since made available an updated firmware that fixes the mentioned flaws.
“BMCs represent an attractive way to conveniently monitor and manage computer systems without requiring physical access, in the IT as well as in the OT/IoT domain,” the researchers said.
“Nevertheless, their usability comes at the expense of a broader attack surface, and that may lead to an increase of the overall risk if they are not adequately protected.”