Acer Answers Security & Vulnerabilities

Vulnerable BMC firmware of Enterprise servers

VULNERABILITY DETAILS:

Researchers have identified a vulerability with Vertiv BMC (Baseboard Management controllers) that may cause the server to be hacked to execute any code attack.

One vulnerability is that the BMC firmware does not perform cryptographic signature verification before receiving updates and writing to the SPI flash memory.

The second vulnerability is that the firmware update has an instruction injection vulnerability.

Both vulnerabilities allow an attacker to use the host administrator privileges to execute arbitrary code on the firmware and make permanent changes to the SPI flash memory contents in the BMC. The attacker can also change the BMC environment to prevent future firmware updates through the software mechanism, so that the BMC can be permanently destroyed.

Impact Scope:

Acer Altos Servers with ASPEED AST2300 / AST2400 / AST2500 BMCs with Vertiv Avocent MergePoint EMS firmware.

Resolution:

Acer is working closely with vendors to address certain baseboard management controller (BMC) firmware vulnerabilities that affect some of its Altos server products. We recommend that customers limit their risk by following common security best practices, restricting privileged access to trusted administrators, and by applying the latest BMC and CMC firmware updates below.

Affected Acer Models and firmware updates:

Altos T310 F3

BMC Firmware - v1.41

AR460 F3

BMC Firmware - v8.86

AR480 F3

BMC Firmware - v8.86

Altos W2050-W270h F4