Multiple Critical Vulnerabilities in Supermicro BMCs Expose Servers to Attacks


Several critical vulnerabilities have been discovered in the Intelligent Platform Management Interface (IPMI) firmware used in Supermicro baseboard management controllers (BMCs). These flaws can lead to privilege escalation and the execution of malicious code on affected systems.

Details:

Nature of Vulnerabilities:

Cross-Site Scripting (XSS) Flaws (CVE-2023-40284, CVE-2023-40287, CVE-2023-40288): These three vulnerabilities enable remote, unauthenticated attackers to execute arbitrary JavaScript code within the context of a logged-in BMC user. They are rated with a CVSS score of 9.6.

Additional XSS Flaws (CVE-2023-40285, CVE-2023-40286): These two vulnerabilities allow remote, unauthenticated attackers to execute arbitrary JavaScript code in the context of a logged-in BMC user by manipulating browser cookies or local storage. They have a CVSS score of 8.6.

Operating System Command Injection (CVE-2023-40289): Rated with a CVSS score of 9.1, this flaw permits the execution of malicious code with administrative privileges on the BMC, posing a significant risk to the compromised system.

Internet Explorer-Specific XSS Flaw (CVE-2023-40290): This vulnerability, with a CVSS score of 8.3, allows remote, unauthenticated attackers to execute arbitrary JavaScript code, but it is limited to Internet Explorer 11 on Windows.


Potential Exploitation Scenario:

A hypothetical scenario involves an attacker sending a phishing email containing a malicious link to the administrator. When clicked, this link triggers the execution of the XSS payload, potentially leading to the compromise of the BMC system.

Severity and Impact:

CVE-2023-40289 is classified as critical because it grants authenticated attackers root access, enabling them to fully compromise the BMC. Root access on the BMC also allows an attacker to persist across BMC reboots and potentially to move laterally within the compromised infrastructure.

Attack Surface:

Binarly reported over 70,000 instances of internet-exposed Supermicro IPMI web interfaces at the beginning of October 2023. However, as of the disclosure, there is no evidence of active malicious exploitation.

Recommendations:

Supermicro has released a BMC firmware update that addresses these vulnerabilities. Applying this update promptly is crucial to mitigating the risk, particularly for BMC web interfaces that are reachable from the internet.

Conclusion:

The critical vulnerabilities found in Supermicro BMCs highlight the importance of promptly addressing security flaws in critical infrastructure components. By releasing firmware updates, Supermicro aims to safeguard its products and users from potential exploits.
