Virtual USB hub allows attackers to get into BMCs
Tens of thousands of servers around the world are believed to be hosting a vulnerability that would allow an attacker to remotely commandeer them.
The team at Eclypsium says it has discovered a set of flaws it refers to as USBAnywhere that, when exploited, would potentially allow an attacker to take over the baseboard management controller (BMC) for three different models of server boards: the X9, X10, and X11.
BMCs are designed to be a sort of always-on remotely accessible "computer within the computer" that allow admins to connect to a server over the network and perform critical maintenance tasks, like updating the OS or firmware.
Ideally, BMCs are locked down within the network in order to prevent access by anyone ..
Support the originator by clicking the read the rest link below.
