Supermicro’s implementation of IPMI/BMC allows remote, unauthenticated attackers to request the file PSBlock via port 49152. This plain text password file contains IPMI username and password information.
Exposure & Impact
An attacker could gain credentialed access via IPMI on vulnerable Supermicro systems. Supermicro IPMI allows remote graphical and text-based console access to a system, which gives an attacker a great deal of flexibility. Current reports indicate that nearly 32,000 hosts that are vulnerable to this issue are available on the Internet.
Remediation & Mitigation
The latest firmware offerings from Supermicro are not vulnerable. Users who can flash their firmware should do so immediately. The referenced cari.net blog post below contains information on a temporary mitigation for cases where flashing the firmware is not possible.
ASPL-568 will ship with detection for this vulnerability. In the meantime, customers who require immediate coverage can insert the following custom vulnerability rule and associate it with the HTTP application. Scans will need to be run with Enhanced App Scan enabled.
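For teams auditing their own BMC inventory outside the scanner, the following is an added example and not the ASPL rule or any Tripwire or Supermicro code. It sends the unauthenticated request described above and reports only whether the file was served, discarding the response body. The path `/PSBlock`, the use of plain HTTP, and the names `check_host` and `classify` are assumptions of this example.

```python
import http.client
import sys

PSBLOCK_PORT = 49152        # port named in the advisory
PSBLOCK_PATH = "/PSBlock"   # assumption: the file is served from the web root


def classify(status, body_len):
    """Map an HTTP result to a finding without inspecting file contents."""
    if status is None:
        return "UNREACHABLE"    # port closed, filtered, or not speaking HTTP
    if status == 200 and body_len > 0:
        return "VULNERABLE"     # file handed out with no authentication
    return "NOT_EXPOSED"        # service answered but did not serve the file


def check_host(host, port=PSBLOCK_PORT, timeout=5.0):
    """Request PSBlock without credentials; return (host, finding)."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PSBLOCK_PATH)
        resp = conn.getresponse()
        # Read only to measure length; the body is discarded, never logged.
        body_len = len(resp.read(4096))
        return host, classify(resp.status, body_len)
    except (OSError, http.client.HTTPException):
        return host, classify(None, 0)
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python check_psblock.py <bmc-address> [<bmc-address> ...]
    for target in sys.argv[1:]:
        print("%s\t%s" % check_host(target))
```

Any host reported as VULNERABLE should be flashed or mitigated, and its IPMI passwords treated as disclosed and changed.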
“The vulnerability itself is serious. That a company would ever consider shipping this in this day and age is beyond belief. That said, the most recent firmware resolves the issue and has for at least a little while,” said Tyler Reguly, member of Tripwire’s Vulnerability and Exposure Research Team (VERT). “Anyone running vulnerable software at this point needs to revisit their internal processes and maintenance policies.”