
Enterprise servers powered by Supermicro motherboards can be compromised remotely by virtually plugging in malicious USB devices, cybersecurity researchers at firmware security company Eclypsium told The Hacker News.

Yes, that’s correct. You can launch all types of USB attacks against vulnerable Supermicro servers without actually physically accessing them or waiting for your victim to pick up an unknown, untrusted USB drive and plug it into their computer.

Collectively dubbed “USBAnywhere,” the attack leverages several newly discovered vulnerabilities in the firmware of BMC controllers that could let an unauthorized, remote attacker connect to a Supermicro server and virtually mount a malicious USB device.

Embedded in a majority of server chipsets, a baseboard management controller (BMC) is a hardware chip at the core of Intelligent Platform Management Interface (IPMI) utilities that allows sysadmins to remotely control and monitor a server without having to access the operating system or applications running on it.

In other words, BMC is an out-of-band management system that allows admins to remotely reboot a device, analyze logs, install an operating system, and update the firmware—making it one of the most privileged components in enterprise technology today.

One such BMC capability is mounting virtual media, which connects a disk image to a remote server as a virtual USB CD-ROM or floppy drive.

According to a report published today by Eclypsium and shared with The Hacker News prior to publication, BMCs on Supermicro X9, X10, and X11 platforms use an insecure implementation to authenticate the client and transport USB packets between client and server.
