Return to list of client alerts
Modern enterprise servers have a hidden computer inside the server that is used by IT admins to manage the computer remotely. It can do everything from turning the computer on and off to a wide range of other services. Basically, if you control this computer inside the computer, you own the server. This is called the baseboard (formerly known as a motherboard) management controller or BMC. Of course, like everything these days, it is driven by software.
Each computer maker has their own marketing name for this capability. Dell, for example, calls it a DRAC for Dell Remote Access Controller.
Only problem is sometimes, the remote access is not from your IT team, but rather from hackers.
A security firm, Eclypsium, disclosed a basket of bugs this week that affect the AMI MegaRAC BMC.
AMI’s MegaRAC is used by vendors like Dell, EMC, HPE, Huawei, Lenovo, Nvidia, AMD, ARM and others. Basically, all of the major players in the computer game.
While ZDNet says these bugs can only be exploited if the servers are connected to the Internet, this is likely not accurate. Probably, what they mean is that the hackers need to have access to whatever network the BMCs are on.
If they are on the same network as your other computers are on, then, I suspect, all that is required is to compromise one of those other computers and you are toast. Also, likely, if one of your servers is compromised, well, then, as the saying goes, “Houston, we have a problem”. On top of this, these vulnerabilities only get worse, so now that it is out, expect other hackers/researchers to find other ways to exploit the flaws.
At this point, we don’t know how many servers and networks are vulnerable. Assume it is a big number.
While AMI is working on fixes, those have to go to the baseboard vendor, then to the computer maker, then they have to figure out which models are affected, then they have to release patches, then IT admins have to figure out which servers are affected and finally, schedule downtime to patch the servers.
Of course, there will be older servers that are no longer under warranty, under maintenance and not supported.
Assume these vulnerabilities will be with us for years. And hackers will continue to take advantage of them.
Credit: ZDNet‘s Dark Reading