Jump to content

Vulnerabilidade IPMI Super Micro


RonanC

Recommended Posts

Bom dia amigos, acabei de receber de dois dc tive ou tenho serviços ativos.

 

Fiquem atentos, muitos já perderam dados importantes com essa falha.

 

 

 

Valued QuadraNet customer,

Many of you have likely heard of a vulnerability which affects the SuperMicro manufacturer's out of band management controller: IPMI. This vulnerability allows attackers to quickly determine the password used to access the component, and can use it to format your machine, gain root or administrator level access, or use it to engineer other attack vectors.

If you are a colocation client currently running SuperMicro machines with publicly accessible IPMI, QuadraNet strongly urges you to take efforts to secure your machine's IPMI immediately. If you need time to secure these IPMI devices, please open up a ticket with us now and list the IPMI IPs you would like null-routed.

If you are a dedicated server client, there is no need for concern: QuadraNet originally designed IPMI access to be available only from the private network; this has greatly isolated your machines from this world-wide threat. That said, QuadraNet has undertaken actions to ensure that your machines are even more protected.

We have published additional information as well as the countermeasures we have undertaken for dedicated server customers, and recommended actions for colocation customers on our blog:http://blog.quadranet.com/supermicro-ipmi-exploit-reveals-passwords-in-plain-text/

We also realize that because the attack has affected some of our colocation customers already, we have attempted to limit your exploit exposure. We have scanned our public IP space for vulnerable IPMI versions and have prevented password exposure; however if you were scanned prior to today, your IPMI IP, username, and password is probably already in an online database.

QuadraNet is also available to null-route all colocation customer IPMI IPs to allow you time to undertake the necessary security fixes. We will be attempting to open tickets for all customers with affected devices, but this process will take time.

The temporary port restriction on affected colocation customer's public uplinks will be removed on July 15th, or if you request by a ticket. This port is TCP/49152.

QuadraNet welcomes any comments or concerns regarding this vulnerability. If you have questions or comments, please open a ticket so that we can address them.

QuadraNet Management
QuadraNet, Inc.
+1 (213) 614-9371 x1

--

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

Do you agree with our terms?