Researchers from security firm Eclypsium have revealed a set of USB-related vulnerabilities in the baseboard management controller (BMC) on Supermicro's server boards (the X9, X10, and X11 generations) that could enable attackers to hijack thousands of servers. The researchers, the same ones who earlier suggested that Supermicro's servers can be easily backdoored, named the bugs USBAnywhere.
A BMC is a 'computer within a computer,' very similar to Intel's often-criticized Management Engine (ME), that permits IT administrators to control and update computer systems on a network remotely. Usually, the BMC is confined to a dedicated management network, so that it cannot be reached from outside that network.
These interfaces aren't typically developed with security in mind, which makes it that much simpler for attackers to find existing bugs and exploit them. In this particular case, the Eclypsium researchers found a flaw in the BMC's virtual media feature, which lets IT admins remotely mount disk images as if they were USB drives attached to the server.
This is exploitable because it effectively gives an attacker the ability to take over a device remotely as if they had local USB access to the system. For example, attackers could install a brand new operating system or implant malware through that remote USB access.
The Eclypsium team discovered four defects: plaintext authentication, unauthenticated network traffic, weak encryption for the remote connection, and an authentication bypass flaw in the Supermicro X10 and X11 platforms that would let a new client connecting to the virtual media service reuse a previous user's permissions.
The security group that revealed the bugs believes that tens of thousands of Supermicro servers could be vulnerable to this attack.