DIVD-2022-00055 - Server Management Interfaces security issues
|Case lead||Pepijn van der Stap|
|Versions||any. For hardware it depends on the firmware shipped by the hardware vendor|
|Recommendation||If you received a notification of a vulnerability, patch your system with the information provided in the notification.|
|Last modified||08 Dec 2022 16:28|
DIVD started looking for vulnerabilities regarding (hardware) server management interfaces, worldwide. These interfaces are often exposed to the internet and are not protected by default. This makes them a target for attackers. DIVD is researching vulnerabilities in (hardware) server management interfaces globally and notifying the owners of misconfigured services.
What you can do
- If you receive a notification, make sure the vulnerability described in that notification is patched. The notification will be sent along with a location and description of the vulnerability. If you have any questions regarding the mitigation of these vulnerabilities, feel free to reply to the email, and we’ll gladly help!
IT and IT security teams should consider putting the instance on a separate network, and only allow access to it from a trusted network, via a stepping stone/bastion server, or via VPN. This will prevent attackers from accessing the management interface from the internet.
What we are doing
- DIVD is currently ensuring that the owners of vulnerable systems are being notified. We do this by scanning for exposed management interfaces, and then examining whether vulnerabilities are present and notifying the owners of these vulnerable systems with the issue and remediation information.
|08 Oct 2022||DIVD starts investigating the scope of management interfaces.|
- Intelligent Platform Management Interface ++ Security Best Practises
- VNC deep dive and Security Advice by Rapid7