SuperMicro IPMI Security Vulnerability

TPerry

Just thought folks might be interested (that have SuperMicro servers) in an alert email I just got from my provider.
Valued QuadraNet customer,

Many of you have likely heard of a vulnerability which affects the SuperMicro manufacturer's out-of-band management controller: IPMI. This vulnerability allows attackers to quickly determine the password used to access the component and to use it to format your machine, gain root or administrator level access, or engineer other attack vectors.

If you are a colocation client currently running SuperMicro machines with publicly accessible IPMI, QuadraNet strongly urges you to take efforts to secure your machine's IPMI immediately. If you need time to secure these IPMI devices, please open up a ticket with us now and list the IPMI IPs you would like null-routed.

If you are a dedicated server client, there is no need for concern: QuadraNet originally designed IPMI access to be available only from the private network; this has greatly isolated your machines from this world-wide threat. That said, QuadraNet has undertaken actions to ensure that your machines are even more protected.

We have published additional information as well as the countermeasures we have undertaken for dedicated server customers, and recommended actions for colocation customers on our blog: <redacted>

We also realize that because the attack has affected some of our colocation customers already, we have attempted to limit your exploit exposure. We have scanned our public IP space for vulnerable IPMI versions and have prevented password exposure; however, if you were scanned prior to today, your IPMI IP, username, and password are probably already in an online database.

QuadraNet is also available to null-route all colocation customer IPMI IPs to allow you time to undertake the necessary security fixes. We will be attempting to open tickets for all customers with affected devices, but this process will take time.

The temporary port restriction on affected colocation customers' public uplinks will be removed on July 15th, or if you request by a ticket. This port is TCP/49152.

QuadraNet welcomes any comments or concerns regarding this vulnerability. If you have questions or comments, please open a ticket so that we can address them.


QuadraNet Management
QuadraNet, Inc.
 
Several major hosts have already been hit by this. Not really sure why anyone would run IPMI unfirewalled, but oh well.
Yeah... I don't know why they wouldn't have it firewalled... but figured I'd just do a "heads-up" for those that might not be.
 