Understanding Supermicro Server Vulnerabilities
The recent announcement of vulnerabilities in the Baseboard Management Controllers (BMCs) of Supermicro servers has shown us that we need to run a dedicated management network with Out-of-Band access.
Wired Magazine may have overstated the risk with its story “Supermicro Bug Could Let ‘Virtual USBs’ Take Over Corporate Servers”, but the story does highlight the importance of managing your infrastructure through a dedicated management plane to provide adequate security.
BMCs on the Supermicro X9, X10 and X11 platforms implement a key feature, virtual media, which allows administrators to attach devices such as USB and DVD drives to the server. When accessed remotely, the virtual media service allows plaintext authentication, sends most of its traffic unencrypted and is susceptible to an authentication bypass. These issues allow an attacker to access the server, sometimes without needing any credentials at all. Once connected, an attacker can interact with the server as if they had physical access to a USB port.
If these devices were managed through an Opengear out-of-band network, restrictions could be put in place to provide secure access and keep your network safe via Smart Out-of-Band™. By providing an alternate path to the network in the event of an outage, organizations are able to monitor, access and manage devices remotely. When a disruption is detected, Smart Out-of-Band automatically remediates the issue. Learn more about Opengear Console Servers and Remote IP backed by Lighthouse.