Security News > 2023 > February > Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software

Additional Supply Chain Vulnerabilities Uncovered in AMI MegaRAC BMC Software
2023-02-01 03:14

Two more supply chain security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller software, nearly two months after three security vulnerabilities were brought to light in the same product.

Firmware security firm Eclypsium said the two shortcomings were held back until now to provide AMI additional time to engineer appropriate mitigations.

The issues, collectively tracked as BMC&C, could act as springboard for cyber attacks, enabling threat actors to obtain remote code execution and unauthorized device access with superuser permissions.

Specifically, MegaRAC has been found to use the MD5 hashing algorithm with a global salt for older devices, or SHA-512 with per user salts on newer appliances, potentially allowing a threat actor to crack the passwords.

CVE-2022-26872 and CVE-2022-40258 add to three other vulnerabilities disclosed in December, including CVE-2022-40259, CVE-2022-40242, and CVE-2022-2827.

"The impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage," Eclypsium noted.


News URL

https://thehackernews.com/2023/02/additional-supply-chain-vulnerabilities.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-01-31 CVE-2022-40258 Use of Password Hash With Insufficient Computational Effort vulnerability in AMI Megarac Spx-12 and Megarac Spx-13
AMI Megarac Weak password hashes for Redfish & API
network
low complexity
ami CWE-916
5.3
2023-01-30 CVE-2022-26872 Weak Password Recovery Mechanism for Forgotten Password vulnerability in AMI Megarac Sp-X 12/13
AMI Megarac Password reset interception via API
network
low complexity
ami CWE-640
8.8
2022-12-05 CVE-2022-40259 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
9.8
2022-12-05 CVE-2022-40242 Improper Authentication vulnerability in AMI Megarac Sp-X 12/13
MegaRAC Default Credentials Vulnerability
network
low complexity
ami CWE-287
critical
9.8
2022-12-05 CVE-2022-2827 Unspecified vulnerability in AMI Megarac Sp-X 12/13
AMI MegaRAC User Enumeration Vulnerability
network
low complexity
ami
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
BMC 24 3 21 14 7 45
AMI 5 0 6 26 6 38