SuperMicro IPMI Vulnerability Notification
Posted by Eric M. on 27 June 2014 11:57 AM
Many of you have likely heard of a vulnerability which affects the SuperMicro manufacturer's out of band management controller: IPMI. Details on this vulnerability can be found at http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/ .
This vulnerability allows attackers to quickly determine the password used to access the component by accessing port 49152 over public networks. They can then use it to format your machine, gain root or administrator level access, or use it to engineer other attack vectors.
To test if you are vulnerable you can attempt to connect via port 49152 and review the response to “GET /PSBlock”.
If you are or think you are on a vulnerable SuperMicro publicly accessible IPMI, it is strongly recommended to complete the following.
Note Completing these steps out of order will leave your newly changed password vulnerable.
If you are a colocation client currently running SuperMicro machines with publicly accessible IPMI, we strongly urge you to take efforts to secure your machine's IPMI immediately. If you need time to secure these IPMI devices, please open up a ticket with us now and list the IPMI IPs you would like null-routed.
If you are a server administration client currently running SuperMicro machines with publicly accessible IPMIs we strongly recommend contacting your data center to to secure these IPMI devices. The immediate recommendation is to ask your datacenter to block port 49152 to prevent access while you secure any publicly accessible IPMIs.
If you have questions or comments, please open a ticket so that we can address them.