Multiple Vulnerabilities In MegaRAC BMC Risked Server Security

Researchers discovered multiple vulnerabilities in MegaRAC BMC firmware that riddled the security of numerous server brands. IT admins must ensure prompt updates to their servers to avoid potential exploits.

MegaRAC BMC Vulnerabilities

Eclypsium Research team has found three different vulnerabilities in the MegaRAC Baseboard Management Controller (BMC) software.

MegaRAC BMC is a remote management solution from American Megatrends, Inc. (AMI). It currently empowers servers from numerous popular brands such as AMD, Asus, Dell EMC, Huawei, Nvidia, and Qualcomm.

As elaborated in their detailed post, the vulnerabilities include,

  • CVE-2022-40259 (CVSS 9.5) – an arbitrary code execution vulnerability in the Redfish API implementation. A specially crafted exploit from an attacker with minimum access to the target device could trigger the flaw.
  • CVE-2022-40242 (CVSS 8.3) – Default credentials for UID = 0 shell via SSH. The researchers stated that they found “a hash in etc/shadow for the sysadmin user,” cracking, which made them reach the default credentials. Exploiting this vulnerability merely requires an attacker to have remote access to the target device.
  • CVE-2022-2827 (CVSS 7.5) – when resetting the password, one of the parameters could allow an adversary to discover various user accounts by querying possible usernames. It then allows the attacker to perform credential stuffing or brute force attacks against those accounts.

Given the trivial exploitation scenarios for these critical flaws, researchers suggest that BMC servers should be correctly configured, however they noticed most BMC servers exposed to the internet due to improper security or misconfigurations. These vulnerabilities immensely heighten server security by potentially inviting online attackers.

Recommended Mitigations

Researchers have shared numerous mitigation strategies for users to prevent vulnerabilities and exploitation risks. Some of these include the basic security procedures that are a must-have for businesses and IT admins, such as restricting device access to authorized users, keeping the firmware/software up-to-date, and disabling unnecessary remote access.

Moreover, they also advise disabling built-in admin accounts and performing regular vulnerability scans of critical server firmware for prompt remediation.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients