VULNERABILITY DETAILS:
Researchers have identified vulnerabilities in Vertiv BMC (Baseboard Management Controller) firmware that could allow an attacker to execute arbitrary code on the server's BMC.
The first vulnerability is that the BMC firmware does not perform cryptographic signature verification on a firmware update before accepting it and writing it to the SPI flash memory.
The second vulnerability is a command injection flaw in the firmware update process.
Together, these vulnerabilities allow an attacker with host administrator privileges to execute arbitrary code in the BMC firmware and make persistent changes to the contents of the BMC's SPI flash. The attacker can also alter the BMC environment so that future firmware updates through the software update mechanism are blocked, leaving the BMC permanently inoperable.
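The following Python model illustrates the two update-path defects described above (an image written with no signature check, and request data pasted into a shell command) and what the corrected update path looks like. It is an added example, not Vertiv or Acer code: the flash writer is stood in by `echo` so the script runs anywhere, the firmware image and key are constructed, and HMAC-SHA256 stands in for the asymmetric signature a real BMC would verify against a public key held in ROM.

```python
"""Model of the two update-path defects: no signature check before the image is
written, and shell command injection via the update request (added example)."""
import hashlib
import hmac
import re
import subprocess

# Constructed demo key. Assumption: a real BMC holds only a *public* key in ROM and
# verifies an RSA/ECDSA signature, so the device never stores a signing secret.
VENDOR_KEY = b"constructed-demo-key-not-a-real-vendor-key"

# Stand-in for the flash write tool; "echo" so the example runs without a BMC.
FLASH_TOOL = "echo"

# Assumed allow-list for update filenames: no separators, no shell metacharacters.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,63}$")


def sign_image(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """Produce the (stand-in) vendor signature over the whole image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_image(image: bytes, signature: bytes, key: bytes = VENDOR_KEY) -> bool:
    """Constant-time check that must pass before anything touches the flash device."""
    return hmac.compare_digest(sign_image(image, key), signature)


def vulnerable_update(filename: str) -> str:
    """Pattern behind the injection flaw: request data pasted into a shell string.
    A filename such as 'fw.bin; echo INJECTED' runs a second command."""
    cmd = "%s writing %s to /dev/mtd0" % (FLASH_TOOL, filename)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def argv_update(filename: str) -> str:
    """Same operation with an argv list and no shell: the filename stays one
    argument, so ';' and friends are passed literally rather than interpreted."""
    argv = [FLASH_TOOL, "writing", filename, "to", "/dev/mtd0"]
    return subprocess.run(argv, capture_output=True, text=True).stdout


def hardened_update(filename: str, image: bytes, signature: bytes) -> str:
    """Fail closed: a bad signature or a bad filename never reaches the flash tool."""
    if not verify_image(image, signature):
        return "rejected: signature verification failed"
    if not SAFE_NAME.match(filename) or ".." in filename:
        return "rejected: filename %r contains disallowed characters" % filename
    return argv_update(filename)


if __name__ == "__main__":
    image = b"constructed firmware image bytes"          # constructed sample input
    good_sig = sign_image(image)
    print(vulnerable_update("fw.bin; echo INJECTED"))     # second command executes
    print(argv_update("fw.bin; echo INJECTED"))           # ';' passed literally
    print(hardened_update("fw.bin; echo INJECTED", image, good_sig))
    print(hardened_update("fw.bin", image, b"\x00" * 32))  # unsigned / wrong signature
    print(hardened_update("fw.bin", image, good_sig))     # only this path writes
```

The order of checks matters: the signature is verified over the complete image before any write is attempted, and the filename is validated before it is handed to the flash tool, so a host administrator who can submit an update request cannot use it to run commands on the BMC or to persist an unsigned image in SPI flash.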
Impact Scope:
Acer Altos Servers with ASPEED AST2300 / AST2400 / AST2500 BMCs with Vertiv Avocent MergePoint EMS firmware.
Resolution:
Acer is working closely with vendors to address baseboard management controller (BMC) firmware vulnerabilities that affect some of its Altos server products. We recommend that customers limit their risk by following common security best practices, restricting privileged access (including host administrator accounts) to trusted administrators, and applying the latest BMC and CMC firmware updates listed below.
Affected Acer Models and firmware updates:
Altos T310 F3
    BMC Firmware - v1.41
AR460 F3
    BMC Firmware - v8.86
AR480 F3
    BMC Firmware - v8.86
Altos W2050-W270h F4
    BMC Firmware - v1.91 (only for Vertiv BMC Firmware)
    CMC Firmware - v1.34
Altos R480 F4
    BMC Firmware - v1.91 (only for Vertiv BMC Firmware)
Altos W2200-W670h F4
    BMC Firmware - v1.91 (only for Vertiv BMC Firmware)
    CMC Firmware - v1.34
Altos R369 F4
    BMC Firmware - v1.91 (only for Vertiv BMC Firmware)
Altos R389 F4
    BMC Firmware - v1.91 (only for Vertiv BMC Firmware)
More information
For additional information, please visit:
https://eclypsium.com/wp-content/uploads/2019/07/Vulnerable-Firmware-in-the-Supply-Chain.pdf
Disclaimer
THE ABOVE INFORMATION IS PROVIDED "AS IS" IN CONNECTION WITH ACER AND INTEL® PRODUCTS. YOUR USE OF THE INFORMATION OR MATERIALS LINKED FROM THIS PAGE IS AT YOUR OWN RISK. ACER RESERVES THE RIGHT TO CHANGE OR UPDATE THIS PAGE AT ANY TIME.