Stories
Slash Boxes
Comments

SoylentNews is people

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules

posted by Fnord666 on Thursday August 13 2020, @04:43PM   Printer-friendly
from the another-day-another-flaw dept.

upstart writes in with an IRC submission:

Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules:

A critical privilege-escalation flaw affects several popular Intel motherboards, server systems and compute modules.

Intel is warning of a rare critical-severity vulnerability affecting several of its motherboards, server systems and compute modules. The flaw could allow an unauthenticated, remote attacker to achieve escalated privileges.

The recently patched flaw (CVE-2020-8708) ranks 9.6 out of 10 on the CVSS scale, making it critical. Dmytro Oleksiuk, who discovered the flaw, told Threatpost that it exists in the firmware of Emulex Pilot 3. This baseboard-management controller is a service processor that monitors the physical state of a computer, network server or other hardware devices via specialized sensors.

[...] The critical flaw stems from improper-authentication mechanisms in these Intel products before version 1.59.

In bypassing authentication, an attacker would be able to access to the KVM console of the server. The KVM console can access the system consoles of network devices to monitor and control their functionality. The KVM console is like a remote desktop implemented in the baseboard management controller – it provides an access point to the display, keyboard and mouse of the remote server, Oleksiuk told Threatpost.

The flaw is dangerous as it's remotely exploitable, and attackers don't need to be authenticated to exploit it – though they need to be located in the same network segment as the vulnerable server, Oleksiuk told Threatpost.

"The exploit is quite simple and very reliable because it's a design flaw," Oleksiuk told Threatpost.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Critical Intel Flaw Afflicts Several Motherboards, Server Systems, Compute Modules | Log In/Create an Account | Top | 12 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Thursday August 13 2020, @06:42PM (3 children)

    by Anonymous Coward on Thursday August 13 2020, @06:42PM (#1036262)

    I'm really starting to think this is all planned. "Lets insert this non-fixable critical security bug here. It will take a couple of years to be found then everyone will have to upgrade so they can be safe. We win with more sales to replace hardware that is performing perfectly fine, and dont get blamed for having to go down the 'planned obsolesce' route to keep our sales up."

  • (Score: 2) by DannyB on Thursday August 13 2020, @07:56PM

    by DannyB (5839) Subscriber Badge on Thursday August 13 2020, @07:56PM (#1036279) Journal

    It will take a couple of years to be found

    Your explanation sounds good except for the sentence I just quoted.

    Replace with:

    It will take a couple years before we intentionally leak it.

    --
    The lower I set my standards the more accomplishments I have.

  • (Score: 2) by zoward on Thursday August 13 2020, @08:53PM (1 child)

    by zoward (4734) on Thursday August 13 2020, @08:53PM (#1036302)

    That's assuming we don't replace all that Intel kit with AMD.

    • (Score: 0) by Anonymous Coward on Thursday August 13 2020, @09:04PM

      by Anonymous Coward on Thursday August 13 2020, @09:04PM (#1036308)

      And then switch back to Intel when a similar flaw is found in the AMD PSP?