"At Least 47,000 Servers Vulnerable to Remote Attack"
Researchers at the security firm, Eclypsium, discovered the vulnerability of at least 47,000 Supermicro servers in 90 countries. According to researchers, these servers contain vulnerabilities in their baseboard management controller (BMC) firmware. The exploitation of these vulnerabilities could allow malicious actors to perform an attack, called USBAnywhere, in which the credentials for the BMCs are obtained to execute USB-based attacks on a server remotely. As BMCs are considered to be highly privileged components in that they enable administrators to perform out-of-band management of a server, the vulnerability of these service processors can allow an attack to be launched on an organization's most valuable assets. This article continues to discuss the vulnerability of Supermicro servers and the importance of monitoring the firmware attack surface.
Computer Weekly reports "At Least 47,000 Servers Vulnerable to Remote Attack"