A critical ‘Pantsdown’ BMC vulnerability affects data center QCT servers.
According to a new study published today, Quanta Cloud Technology (QCT) servers are vulnerable to the serious “Pantsdown” Baseboard Management Controller (BMC) weakness.
“An attacker running code on a vulnerable QCT server would be able to ‘hop’ from the server host to the BMC and move their attacks to the server management network, possibly continuing and obtaining further permissions to other BMCs on the network and gaining access to other servers,” said Eclypsium, a firmware and hardware security firm.
A baseboard management controller is a specialized device that is used for remote server monitoring and management, such as changing low-level hardware settings and installing firmware and software upgrades.
The major security hole, tracked as CVE-2019-6260 (CVSS score: 9.8), was discovered in January 2019 and pertains to unrestricted read and write access to the BMC’s physical address space, resulting in arbitrary code execution.
Successfully exploiting the vulnerability can give a threat actor complete control of the server, allowing them to rewrite the BMC firmware with malicious code, implant persistent malware, exfiltrate data, and even brick the device.
Affected QCT server models include the D52BQ-2U, D52BQ-2U 3UPI, and D52BV-2U, which ship with BMC version 4.55.00, a release that runs a vulnerable version of the BMC software.
On April 15, 2021, a patch was made privately available to customers after responsible disclosure on October 7, 2021.
The fact that a three-year-old flaw still exists emphasizes the need to fortify firmware-level code by applying timely upgrades and frequently inspecting the firmware for potential signs of intrusion.
Firmware security is especially important since components like the BMC have emerged as a lucrative target for cyberattacks aimed at installing stealthy malware like iLOBleed, which is meant to fully erase a vulnerable server’s disks.
To prevent such risks, companies that rely on QCT devices should check the integrity of their BMC firmware and update the component to the most recent version as soon as the updates are available.
“Adversaries are becoming more comfortable with firmware-level assaults,” the company stated. “It’s worth noting how understanding of firmware-level vulnerabilities has grown over time: what was tough in 2019 is now virtually easy.”