Register to test the Supermicro AS-2124GQNART EGX™ A100. A 4-GPU platform (Redstone) which utilises the newest version of NVIDIA® NVLink™ and NVIDIA NVSwitch™ technologies in just 2U.

Find your custom Supermicro sever from our dedicated estore.

Find out the latest news, product information and promotions first by accessing our blog.

Read now

Expert AI and Deep Learning training. The BTA offers structured, e-learning, face-to-face, labs and training, delivered by world-class trainers, tailored to the knowledge-base of the attendees from beginner up to expert.

Find out more

Boston Technology Consulting helps organisations to effectively create, optimise and grow their businesses in today’s challenging marketplace.

Find out more

Supermicro IPMI firmware coined "USB Anywhere"

Posted on 01 October, 2019

You may have heard in the news or from your customers about a new vulnerability in Supermicro's IPMI firmware coined "USB Anywhere"

This particular vulnerability targets the USB function of the BMC's virtual media and could potentially allow an attacker to manipulate a target system in a number of ways.

In this case, the researchers who found the vulnerability contacted Supermicro ahead of going to press to enable them to take action. As a result, there is already advice on how to negate this vulnerability and a selection of new firmware available from Supermicro on their website.

Please refer customer's enquiries to the below statement which details Supermicro's current recommendations on the issue and links to updated firmware:

https://www.supermicro.com/support/security_BMC_virtual_media.cfm

Researchers have identified vulnerabilities in the Virtual Media function of Supermicro BMCs. BMC/IPMI Virtual Mediais a feature of the Virtual Console that enables users to attach a CD/DVD image to the server as a virtual CD/DVD drive. These vulnerabilities include plaintext authentication, weak encryption, and authentication bypass within the Virtual Media capabilities. Identified by researchers in the lab, the vulnerabilities have not been reported in a customer environment.

We want to thank the Eclypsium team for bringing this issue to our attention and their collaboration on validating the remediation.

Industry best practice is operating BMCs on an isolated private network not exposed to the internet, which would reduce, but not eliminate the identified exposure.

Another potential interim remediation is to disable Virtual Media by blocking TCP port 623 and then upgrade to the latest security fix for BMC/IPMI firmware at a later date. Please follow these instructions to disable port TCP 623.

New versions of the BMC software address these vulnerabilities. Check below for details on specific products.

View table that shows affected X9, X10, X11, H11 and H12 Supermicro products.

If you have any follow up questions, please feel free to ask one of the technical team, who will be glad to assist you.

If you're interested in further reading then you may be aware that recently the Boston Labs team published a short article on IPMI best practices: https://www.boston.co.uk/blog/2019/07/24/ipmi-best-security-practices.aspx

RSS Feed

Sign up to our RSS feed and get the latest news delivered as it happens.

click here

Test out any of our solutions at Boston Labs

To help our clients make informed decisions about new technologies, we have opened up our research & development facilities and actively encourage customers to try the latest platforms using their own tools and if necessary together with their existing hardware. Remote access is also available

ISC 2024

Latest Event

ISC 2024 | 13th - 15th May 2024, Congress Center, Hamburg

International Super Computing is a can't miss event for anyone interested in HPC, tech, and more.

more info

Supermicro IPMI firmware coined "USB Anywhere"

Archives

Recent Blogs

RSS Feed

Sign up to our RSS feed and get the latest news delivered as it happens.

Test out any of our solutions at Boston Labs