DIVD-2022-00055 - Server Management Interfaces security issues
|Pepijn van der Stap
|any. For hardware it depends on the firmware shipped by the hardware vendor
|If you received a notification of a vulnerability, patch your system with the information provided in the notification.
|11 Jan 2023 18:58
DIVD started looking for vulnerabilities regarding (hardware) server management interfaces, worldwide. These interfaces are often exposed to the internet and are not protected by default. This makes them a target for attackers. DIVD is researching vulnerabilities in (hardware) server management interfaces globally and notifying the owners of misconfigured services.
What you can do
- If you receive a notification, make sure the vulnerability described in that notification is patched. The notification will be sent along with a location and description of the vulnerability. If you have any questions regarding the mitigation of these vulnerabilities, feel free to reply to the email, and we’ll gladly help!
IT and IT security teams should consider putting the instance on a separate network, and only allow access to it from a trusted network, via a stepping stone/bastion server, or via VPN. This will prevent attackers from accessing the management interface from the internet.
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for exposed management interfaces, and then examining whether vulnerabilities are present and notifying the owners of these vulnerable systems with the issue and remediation information.
|08 Oct 2022
|DIVD starts investigating the scope of management interfaces.
|10 Dec 2022
|DIVD starts looking for servers that are vulnerable to CVE-2013-4786.
|11 Dec 2022
|DIVD starts notifying the owners of servers affected by CVE-2013-4786.
|14 Dec 2022
|DIVD shares information about the affected servers in the Netherlands with the Digital Trust Center & het Nederlands Security Meldpunt.
|08 Jan 2023
|DIVD performs another worldwide scan for vulnerable management interfaces, informing the owners of the affected servers and shares relevant data with Digital Trust Center & het Nederlands Security Meldpunt.
- Intelligent Platform Management Interface ++ Security Best Practises
- VNC deep dive and Security Advice by Rapid7