North Korean APT Kimsuky Aka Black Banshee – Active IOCs
April 17, 2024
Multiple Microsoft Windows Products Vulnerabilities
April 17, 2024
Severity
High
Analysis Summary
A security flaw in the Lighttpd web server used in baseboard management controllers (BMCs) has recently come to light, and it remains unaddressed by major device vendors such as Intel and Lenovo.
Although the Lighttpd maintainers fixed the bug in August 2018 with version 1.4.51, no CVE identifier or advisory was issued, so the developers of the AMI MegaRAC BMC firmware did not pick up the fix, and the vulnerable code made its way into Intel and Lenovo products.
The vulnerability is an out-of-bounds read that can let a threat actor extract sensitive data, including process memory addresses, and thereby bypass security mechanisms such as ASLR. The affected builds identified are Lighttpd 1.4.45 in Intel M70KLP series firmware, Lighttpd 1.4.35 in Lenovo BMC firmware, and in general any Lighttpd version earlier than 1.4.51.

Intel and Lenovo have declined to fix the issue, citing the end-of-life status of the affected products, which makes them ineligible for security updates and turns the vulnerability into a "forever-day" bug. The case illustrates a broader supply-chain problem: outdated third-party components persist through firmware updates and expose vendors and end users to risks they are not aware of.
Security researchers stress that such unaddressed vulnerabilities have far-reaching consequences and pose a lasting, high-impact risk to the industry, and that comprehensive security practices across the firmware and software supply chains are needed to prevent similar issues from arising in the future.
Impact
- Security Bypass
- Sensitive Data Theft
Remediation
- Ensuring that all security fixes are properly documented with CVE identifiers and advisories can facilitate better communication and handling of security updates down the supply chain.
- Implementing systems for continuous monitoring of firmware and software components for vulnerabilities is crucial. This allows for timely detection and remediation of vulnerabilities, even in third-party components.
- Collaboration between device vendors and third-party software maintainers is essential for effectively addressing vulnerabilities.
- Even after a product reaches end-of-life status, vendors should continue to provide security updates for a reasonable period to mitigate the risk of vulnerabilities.
- Educating end users about the importance of applying security updates and the risks associated with running outdated software can help mitigate the impact of vulnerabilities.
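As an added example of the continuous-monitoring step above, and not code from the advisory or from any vendor, the following script flags BMC hosts whose HTTP Server header reports a Lighttpd build older than the 1.4.51 fix named in the analysis. It assumes the BMC web interface exposes a Server header of the form "lighttpd/1.4.45" (not every firmware does), and the hostnames in the inventory are constructed.

```python
import re

# Versions named in the advisory: the fix shipped in Lighttpd 1.4.51,
# Intel M70KLP firmware carries 1.4.45 and Lenovo BMC firmware carries 1.4.35.
FIXED_VERSION = (1, 4, 51)

# Assumed header format, e.g. "lighttpd/1.4.45"; suffixes after the patch level are ignored.
SERVER_HEADER_RE = re.compile(r"^lighttpd/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def parse_lighttpd_version(server_header):
    """Return (major, minor, patch) from a Server header, or None when the
    header is missing, not Lighttpd, or not parseable."""
    if not server_header:
        return None
    m = SERVER_HEADER_RE.match(server_header.strip())
    if not m:
        return None
    return tuple(int(x) for x in m.groups())


def is_affected(server_header):
    """True when the header identifies a Lighttpd build older than 1.4.51.
    Tuple comparison keeps 1.4.100 correctly newer than 1.4.51."""
    version = parse_lighttpd_version(server_header)
    return version is not None and version < FIXED_VERSION


def audit_inventory(inventory):
    """inventory maps host -> Server header string (None when no header was seen).
    Returns the sorted list of hosts that should be treated as affected.
    Hosts without a parseable header are not cleared, only left unflagged."""
    return sorted(host for host, header in inventory.items() if is_affected(header))


# Constructed sample inventory; hostnames and headers are made up for illustration.
SAMPLE_INVENTORY = {
    "bmc-intel-01.example": "lighttpd/1.4.45",
    "bmc-lenovo-02.example": "lighttpd/1.4.35",
    "bmc-patched-03.example": "lighttpd/1.4.51",
    "bmc-other-04.example": "Apache/2.4.57",
    "bmc-silent-05.example": None,
}

if __name__ == "__main__":
    for host in audit_inventory(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} predates 1.4.51, treat as affected")
```

A host that hides its Server header is not proven safe by this check; confirm its firmware version through the vendor's BMC inventory instead.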