Corporate network security comes under fire after cybersecurity researchers found a vulnerability on systems running on Supermicro motherboards. Approximately 47,000 workstations across the United States remain affected by this flaw. Findings of the study were presented at Open Source Firmware Conference held in Silicon Valley last Tuesday, September 3, 2019.
According to an article published by ZD Net, the bugs are called USBAnywhere. These reportedly affect the main baseboard management controller (BMC) firmware found inside the Supermicro motherboards.
Baseboard management controllers or BMCs are processors which provide system administrators remote access to hardware-level management. Through these components, system administrators can upgrade operating systems or send instructions without physical access to the computer or server. BMCs make it possible to enact these controls without having to plug anything into the server.
However, cybersecurity researchers found that Supermicro motherboards contained a vulnerability. In particular, motherboards such as the X9, X10, and X11 have been found with issues.
In total, four flaws have been found within these components. The four issues include unencrypted network traffic, weak encryption, authentication bypass on both X10 and X11 platforms, and plaintext authentication.
Of these four flaws, ZD Net considers authentication bypass the most powerful and dangerous bug. The flaw allows hackers to facilitate connections to the database used by the system administrator.
Threatpost states that these vulnerabilities provide attackers access to the server using only little to no credentials. When attackers enter the system, they disguise themselves as a raw USB device which is virtually undetectable by the server.
Implications of the Vulnerabilities
Should attackers access databases, these individuals may easily plant malicious content. These include complete modification of the server, placing malware, and destroying or disabling the computer device.
Eclypsium researchers note that hackers who gain access to these BMCs may compromise the whole system. Despite protecting the server and reinstalling the operating system, these researchers say malware planted by attackers tend to stay. Moreover, these potential attackers may also exploit the database by bricking the servers temporarily.
All of the vulnerabilities found in BMCs may be used to extort money from corporations. These may also further compromise the safety and security of the company.
Speedy Company Response
Threatpost said USBAnywhere vulnerabilities were already patched. Supermicro released the four patches affecting X9, X10, and X11 last September 3, 2019. To secure the vulnerabilities, Supermicro worked alongside Eclypsium, said ZD Net.
A spokesperson for Supermicro said they “want to thank the researchers who have identified the BMC Virtual Media vulnerability.”