Обложка канала

Информация опасносте

18724 @alexmakus

Чаще про infosex (зачеркнуто) про infosec

Информация опасносте

3 года назад
Открыть в
Earlier this year, Eclypsium Research discovered and reported 5 vulnerabilities in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software. MegaRAC BMC is a critical supply chain component found in millions of devices worldwide and used by multiple top-tier manufacturers to deliver “lights-out” management for servers. Today, Eclypsium Research is disclosing a pair of additional BMC&C vulnerabilities in the same AMI MegaRAC BMC software. These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser permissions. They can be exploited by any local or remote attacker having access to the Redfish management interface.  eclypsium.com/researc…-forever
Supply Chain Vulnerabilities Put Server Ecosystem At Risk - Eclypsium | Supply Chain Security for the Modern Enterprise

Updated: 1/30/2023 BMC&C Eclypsium Research has discovered and reported 5 vulnerabilities in AMI MegaRAC Baseboard Management Controller (BMC) software. As part of our coordinated disclosure with AMI, three CVEs were initially published in December of 2022 and the remaining two were held until January 2023 in order to provide AMI additional time to develop mitigations. […]

Eclypsium | Supply Chain Security for the Modern Enterprise