Posted on 2019/10/01
You may have heard in the news or from your customers about a new vulnerability in Supermicro's IPMI firmware coined "USB Anywhere"
This particular vulnerability targets the USB function of the BMC's virtual media and could potentially allow an attacker to manipulate a target system in a number of ways.
In this case, the researchers who found the vulnerability contacted Supermicro ahead of going to press to enable them to take action. As a result, there is already advice on how to negate this vulnerability and a selection of new firmware available from Supermicro on their website.
Please refer customer's enquiries to the below statement which details Supermicro's current recommendations on the issue and links to updated firmware:
Researchers have identified vulnerabilities in the Virtual Media function of Supermicro BMCs. BMC/IPMI Virtual Mediais a feature of the Virtual Console that enables users to attach a CD/DVD image to the server as a virtual CD/DVD drive. These vulnerabilities include plaintext authentication, weak encryption, and authentication bypass within the Virtual Media capabilities. Identified by researchers in the lab, the vulnerabilities have not been reported in a customer environment.
We want to thank the Eclypsium team for bringing this issue to our attention and their collaboration on validating the remediation.
Industry best practice is operating BMCs on an isolated private network not exposed to the internet, which would reduce, but not eliminate the identified exposure.
Another potential interim remediation is to disable Virtual Media by blocking TCP port 623 and then upgrade to the latest security fix for BMC/IPMI firmware at a later date. Please follow these instructions to disable port TCP 623.
New versions of the BMC software address these vulnerabilities. Check below for details on specific products.
View table that shows affected X9, X10, X11, H11 and H12 Supermicro products.
If you have any follow up questions, please feel free to ask one of the technical team, who will be glad to assist you.
If you're interested in further reading then you may be aware that recently the Boston Labs team published a short article on IPMI best practices: https://www.boston.co.uk/blog/2019/07/24/ipmi-best-security-practices.aspx