IPMI based attack vectors can be extremely damaging due to the unique method in which hackers can gain access:
-- IPMI-based security weaknesses exist within network-accessible embedded
components of rack-mount hardware. As such, normal operating
system-based security controls offer no protection.
-- Attackers can hijack powered-on servers even when they are shut down,
and then leverage this access to take over the primary operating system.
This is true whether the organization is running Microsoft Windows (32
or 64-bit) or Linux operating systems on the targeted servers.
-- This issue appears to be widespread. Rack-mount servers with these flaws
have been in distribution for years, and exist within a variety of
models manufactured by numerous vendors.
DDI's Vulnerability Research Team (VRT) has been performing extensive analysis on the flaws to validate the conditions, and presented its analysis and findings during the BSides Texas - San Antonio conference in May 2013.
Following the company's responsible disclosure policy, DDI has been warning customers and technology partners of the dangers of this concern for several months, while at the same time conducting responsible due diligence and developing remediation solutions for the issue.
Gordon MacKay, EVP/Chief Technology Officer at DDI states, "When our security research team examined these embedded interfaces, the magnitude of the implementation flaws became clear. We knew we had to act quickly to ensure our clients were not impacted by the threat. We released our findings to the information security community at BSides, while fast-tracking our research to find a remedy. We are pleased that we are able to both raise awareness about this potentially harmful threat, and offer solutions as well."
More detailed information on the IPMI vulnerabilities and remediation can be accessed on the DDI Labs Blog. In addition, organizations wishing to obtain a rapid scan of their full network to determine if these vulnerabilities are present can contact DDI at 888-273-1412 or [email protected]
About Digital Defense
Founded in 1999, Digital Defense, Inc. (DDI) is the premier provider of managed security risk assessment solutions protecting billions in assets for small businesses to Fortune companies in over 65 countries. DDI's dedicated team of experts helps organizations establish a culture of security through regular information security assessments, awareness education and decisive security intelligence. This proven method bolsters the capability of organizations to reduce risk and keep information, intellectual property and reputations secure.
The combination of DDI's certified security analysts, patent-pending scanning technology and proprietary cloud-based vulnerability management system, the
Frontline(TM) Solutions Platform, delivers one of the most powerful assessment results and remediation management solutions available. Contact DDI at
877-273-4202 or www.ddifrontline.com.