Three different security flaws have been disclosed in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software that could lead to remote code execution on vulnerable servers.
“The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking),” firmware and hardware security company Eclypsium said in a report shared with The Hacker News.
BMCs are privileged independent systems within servers that are used to control low-level hardware settings and manage the host operating system, even in scenarios when the machine is powered off.
These capabilities make BMCs an enticing target for threat actors looking to plant persistent malware on devices that can survive operating system reinstalls and hard drive replacements.
Some of the major server manufacturers that are known to have used MegaRAC BMC include AMD, Ampere Computing, Arm, ASRock, Asus, Dell EMC, GIGABYTE, Hewlett Packard Enterprise, Huawei, Lenovo, Nvidia, Qualcomm, Quanta, and Tyan.
images from Hacker News