Interface weakness opens servers to attacks

Network-based attack vector on major vendor rackmount servers allows attackers to bypass primary operating system defenses

A critical vulnerability in the intelligent platform management interface (IPMI) used by administrators to remotely control computer systems poses a significant threat to rack servers and cloud services running on those servers, according to a security risk assessment firm.

“There is a no-authentication mode of cipher zero mode built into IPMIs by manufacturers,” said Gordon McKay, chief technology officer of Digital Defense Inc., a network security and penetration testing firm. “If this setting has not been changed, it serves as a back door for attackers to bypass operating system defenses.”
He said the flaw enables hackers to hijack a baseboard interface even when the power is off.

The IPMI is a message-based, hardware-level interface specification. It operates independently of the operating system. The flaw involves the network-accessible components of rackmount hardware and is not protected by normal OS-based security controls, according to McKay.

“Hackers send out packets to the 623 UDP port. If they get a response it means the IPMI is not asking for authentication and the hackers can just go in,” said McKay. “Once they are able to log in, it would be as if they were in the computer controlling the servers.”

Among the things a hacker could do are:

  • Reboot the computer
  • Install new operating system software
  • Steal data
  • Install a malware Trojan
  • Hijack servers even when they are powered down

“Keep in mind this is a network accessible baseboard flaw, which means that it doesn’t target the primary operating system but the embedded management agent running on the server,” wrote Mike Cotton, chief network security architect for Digital Defense. “Traditional mitigation such as firewalling all ports on the primary operating system or even shutting down the server completely won’t prevent network traffic from hitting this vector (the baseboard stays on even if the rest of the system is shut down, so long as the power cord is plugged in).”

Cotton stressed the problem is not an isolated incident involving a single vendor, and neither is it something that occurred only in the past.

“Rackmounts have been shipping with this flaw for years and continue to do so today,” he said. “If you haven’t encountered it while performing network scans on large rackmount deployments, it’s not that it isn’t there, it’s that your scanning vendor isn’t checking for it.”

Cotton provided a remediation procedure in his post, which worked on all the major rackmount servers tested by Digital Defense.

To find out what to do,