
Additional vulnerabilities have been identified in AMI MegaRAC BMC Software



Two more vulnerabilities have been disclosed in the AMI MegaRAC Baseboard Management Controller (BMC) software, almost two months after three security vulnerabilities were discovered in the same product.

Firmware security firm Eclypsium said both flaws were held back until now to give AMI time to devise appropriate mitigations. These issues, tracked collectively as BMC&C, can serve as a starting point for cyber attacks, allowing threat actors to obtain remote code execution and gain unauthorized access to devices with superuser privileges.

The two new flaws in question are:

CVE-2022-26872 (CVSS score: 8.3) - Password reset interception via API

CVE-2022-40258 (CVSS score: 5.3) - Weak password hashes for Redfish and API

Specifically, MegaRAC was found to use the MD5 hash algorithm with a global salt on older devices, or SHA-512 with a per-user salt on newer devices, which could allow an attacker to crack the passwords. CVE-2022-26872, on the other hand, leverages the HTTP API to trick a user into initiating a password reset through a social engineering attack, and to set a password of the adversary's choice.
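The difference between a global salt and per-user salts can be checked on any credential store. The following is an added example, not code from AMI, Eclypsium or this article: the accounts, passwords, salt value, salt-then-password layout and single hash pass are constructed assumptions, and PBKDF2 is shown as one hardened alternative.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts; two share a password on purpose.
ACCOUNTS = {"admin": "Winter2023!", "operator": "Winter2023!", "audit": "x9#Lq2-vT"}
GLOBAL_SALT = b"constructed-global-salt"  # assumption: not a value from any firmware

def md5_global(password):
    """Older-device style: one fast MD5 pass, same salt for every account."""
    return GLOBAL_SALT, hashlib.md5(GLOBAL_SALT + password.encode()).digest()

def sha512_per_user(password):
    """Newer-device style: unique salt, assumed here to be a single fast pass."""
    salt = os.urandom(16)
    return salt, hashlib.sha512(salt + password.encode()).digest()

def pbkdf2_per_user(password, iterations=600_000):
    """Hardened form: unique salt plus a deliberately slow key derivation."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)

def verify(password, salt, digest, iterations=600_000):
    """Constant-time comparison against a stored PBKDF2 record."""
    candidate = hashlib.pbkdf2_hmac("sha512", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

def build_store(scheme):
    """Hash every sample account with the given scheme: user -> (salt, digest)."""
    return {user: scheme(pw) for user, pw in ACCOUNTS.items()}

def audit_store(store):
    """Report accounts sharing a salt or a digest; either signals a weak scheme."""
    by_salt, by_digest = defaultdict(list), defaultdict(list)
    for user, (salt, digest) in store.items():
        by_salt[salt].append(user)
        by_digest[digest].append(user)
    dupes = lambda groups: sorted(sorted(g) for g in groups.values() if len(g) > 1)
    return {"shared_salt": dupes(by_salt), "shared_digest": dupes(by_digest)}

if __name__ == "__main__":
    for scheme in (md5_global, sha512_per_user, pbkdf2_per_user):
        print(scheme.__name__, audit_store(build_store(scheme)))
```

With the global salt, accounts that reuse a password produce identical digests, so the audit flags them; per-user salts remove that overlap, and the slow key derivation raises the cost of each guess.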

CVE-2022-26872 and CVE-2022-40258 join three other vulnerabilities disclosed in December, including CVE-2022-40259 (CVSS score: 9.9), CVE-2022-40242 (CVSS score: 8.3) and CVE-2072 (CVSS score: 7.5). It should be emphasized that the vulnerabilities are exploitable only in situations where the BMC is exposed to the Internet, or where a threat actor has already gained initial access to the data center or administrative network through other methods.

The blast radius of BMC&C is currently unknown, but Eclypsium said it is working with AMI and others to determine the extent of the products and services affected. Gigabyte, Hewlett Packard Enterprise, Intel and Lenovo have released updates to fix the security flaws in their devices. NVIDIA is expected to deliver a patch in May 2023. "Effects of exploiting these vulnerabilities include remote monitoring of compromised servers, delivery of malware, ransomware and malware, and physical damage to the server (bricking)," Eclypsium said.
