Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.

BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in server motherboards and is used for remote monitoring and management of a host system, including performing low-level system operations such as firmware flashing and power control.

Nozomi Networks, which analyzed an Intelligent Platform Management Controller (IPMC) from Taiwanese vendor Lanner Electronics, said it uncovered 13 weaknesses affecting the IAC-AST2500.

All the issues affect version 1.10.0 of the standard firmware, with the exception of CVE-2021-4228, which impacts version 1.00.0. Four of the flaws (CVE-2021-26727 through CVE-2021-26730) are rated 10 out of 10 on the CVSS scoring system.

In particular, the industrial security company found that CVE-2021-44467, an access control bug in the web interface, could be chained with CVE-2021-26728, a buffer overflow flaw, to achieve remote code execution on the BMC with root privileges.

"When also considering that all processes run with root privileges on the device, the combined weaknesses enable an unauthenticated attacker to completely compromise both the BMC and the managed host," the company said in a write-up published last week.

Following responsible disclosure, Lanner has since released updated firmware that addresses the vulnerabilities in question.

"BMCs represent an attractive way to conveniently monitor and manage computer systems without requiring physical access, in the IT as well as in the OT/IoT domain," the researchers said.

"Nevertheless, their usability comes at the expense of a broader attack surface, and that may lead to an increase of the overall risk if they are not adequately protected."
