fromSecurityWeek
1 week agoPatch Bypassed for Supermicro Vulnerability Allowing BMC Hack
Supermicro informed customers in January that a researcher from Nvidia had discovered several BMC firmware vulnerabilities, including CVE-2024-10237, an image authentication issue that could allow an attacker to conduct malicious firmware updates. "An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process," Supermicro explained. A malicious firmware update would enable the attacker to gain complete and persistent control of the BMC and the operating system.
Information security