BMC Firmware Vulnerabilities: OT and IoT Devices are at Risk

The most common danger is remote attacks. Lanner, the cybersecurity company, claimed to have developed fixes for 13 vulnerabilities. However, it added that more issues were found during its study and are still being fixed.

The firmware that runs Lanner’s baseboard management controller (BMC) contains more than 12 security holes. These could give remote attackers access to operational technology (OT) or Internet of Things (IoT) networks.

A BMC is a specialised service processor, implemented as a system-on-chip (SoC), that is installed on server motherboards and used for remote monitoring and management of a host system. This includes low-level tasks such as firmware flashing and power control.

Nozomi Networks found 13 vulnerabilities in the IAC-AST2500 after examining an Intelligent Platform Management Interface (IPMI) from Taiwan's Lanner Electronics. All of the flaws except CVE-2021-428, which affects version 1.00.0 of the standard firmware, affect version 1.10.0. Four of the flaws, CVE-2021-4228 through CVE-2021-4230, have a CVSS score of 10 out of 10.

The industrial security firm found that remote code execution on the BMC with root privileges is possible when CVE-2021-26728, a buffer-overflow vulnerability, is combined with CVE-2021-4447, an access-control flaw in the web interface. Following responsible disclosure of the flaws, Lanner has released updated firmware.

Researchers said that BMCs are an appealing way to monitor and manage computers without requiring physical access, in both the IT domain and the OT/IoT domain.

If they are not properly protected, the risk may increase.
