Over 47K Supermicro Corporate Servers Vulnerable to Attack

Vulnerabilities in a remote-monitoring component give attackers a way to mount virtual USBs on systems, Eclypsium warns.

UPDATE--09/04/2019
Supermicro on Wednesday
released security updates
addressing the vulnerabilities in its X9, X10 and X11 server platforms.
At least 47,000 Supermicro servers are vulnerable to attack and compromise over the Internet via several security vulnerabilities in a remote monitoring and management component on the systems.
Supermicro has urged organizations using its X9, X10, and X11 platforms to block the port through which attacks can be carried out while the company works on getting a security fix issued.
The vendor has also asked impacted organizations to ensure that the vulnerable component is operating on an isolated private network and is not directly exposed to the Internet. The precaution would reduce but not eliminate the identified exposure, Supermicro said in an
advisory
Tuesday.
The vulnerabilities - discovered by security vendor Eclypsium - exist in the baseboard management controllers (BMC) of Supermicro servers. They give attackers a way to remotely connect to a server, mount a virtual USB CD/DVD drive, and carry out a variety of activities including loading a new operating system image, modifying settings, dropping malware, or disabling the device entirely.
A BMC is an
embedded component
that allows administrators to do out-of-band monitoring of servers and desktops. BMCs have direct access to the motherboard of the host system and enable actions like remote rebooting, remote OS reinstallation, and remote log analysis. Most desktops and servers ship with BMCs on them.
BMCs are highly privileged devices in modern systems that [also] have a poor security track record, says Rick Altherr, principal engineer at Eclypsium. Security researchers are actively looking for ways to attack BMCs because of their reputation for being riddled with vulnerabilities, he says. Over the years security researchers have
discovered weaknesses
in BMCs from HP, Dell, IBM, Supermicro, Oracle, Fujistu, and others.
End users should treat them [BMCs] as vulnerable and take steps to protect them on their network, Altherr says. For the future, server vendors need to hear from customers that BMC security is important and needs to be addressed.
According to Eclypsium, the problem it found has to with how the BMCs on Supermicros X9, X10, and X11 servers have implemented a virtual media function designed to give users and administrators a way to remotely connect via TCP port 623 to a disk image as a virtual USB CD or DVD drive on a system.
Authentication Weaknesses
What Eclypsiums researchers discovered is that the virtual media service on the Supermicro BMCs allows plain-text authentication and sends traffic unencrypted, or only weakly encrypted, between the client and server.
The BMCs on Supermicros X10 and X11 platforms also allow for authentication bypass entirely. Eclypsiums researchers found that when a client is properly authenticated to the virtual media service on these devices and disconnects, crucial details about that clients session are left intact. When a new client connects, it inherits the previous clients authorizations even if the new client attempts access using incorrect authentication credentials.
Together, the weaknesses give attackers a way to relatively easily gain access to a server and plug a virtual USB into it and carry out different types of malicious activity, Eclypsium
said
this week. Because of how Supermicro has implemented the virtual media service, an attacker can virtually mount any USB device to the server.
Attackers can gain access using a legitimate users authentication packet by exploiting default credentials or in some cases, by bypassing authentication entirely, the security vendor said.
An Eclypsium scan of TCP port 623 showed there are more than 47,330 BMCs with the vulnerable virtual-media services that are publicly accessible. Many other vulnerable systems likely exist that are not directly accessible from the Internet, but can be exploited by attackers with access to a corporate network, Eclypsium said.
A majority of the vulnerable systems belong to US-based organizations, says Altherr.
In all, the security vendor discovered over 92,000 BMCs that are discoverable over the Internet, including the over 47,300 servers with the vulnerable virtual-services component.
Related Content:
Firmware Vulnerabilities Show Supply Chain Risks
BlueKeep Exploits Appear as Security Firms Continue to Worry About Cyberattack
How to Keep Your Web Servers Secure
7 Truths About BEC Scams

Check out
The Edge
, Dark Readings new section for features, threat data, and in-depth perspectives. Todays top story:
It Saved Our Community: 16 Realistic Ransomware Defenses for Cities
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Over 47K Supermicro Corporate Servers Vulnerable to Attack