Ravi Nayyar on Nostr: 'Unfortunately, according to Binarly REsearch team findings, the state of BMC ...
'Unfortunately, according to Binarly REsearch team findings, the state of BMC [Baseboard Management Controller!!!!!] security on Supermicro servers shows the level of product security practices from early 2000-x and does not meet modern security standards. The attacks we are disclosing show the very low complexity of compromising BMC host OS and gaining enough privileges to deliver a persistent firmware implant to the UEFI BIOS'. [Patches are out: https://www.securityweek.com/new-supermicro-bmc-vulnerabilities-could-expose-many-servers-to-remote-attacks/]
Binarly report: https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html