Pantsdown OpenBMC Code Execution Vulnerability

A security researcher has released details of a code execution vulnerability, known as 'Panstdown', in the OpenBMC baseboard management controller (BMC) firmware.

Threat ID:: CC-2899
Category:
Threat Severity:: Low
Threat Vector:: Insecure network
Published:: 24 January 2019 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

A security researcher has released details of a code execution vulnerability, known as 'Panstdown', in the OpenBMC baseboard management controller (BMC) firmware.

Threat details

A local unauthorised user could exploit this vulnerability to gain access to connected servers; at which point they may execute arbitrary commands or files, alter the server's firmware or configuration settings, disable the BMC or cause a denial-of-service condition.

The vulnerability appears to be a result of how certain BMC configurations implement Advanced High-performance Bus (AHB) bridges, used to access a BMC's physical address space. In these configurations the AHB bridges can be accessed by any user on the same network without requiring them to authenticate. The user would then have full read/write access to the affected BMC, from which they could then gain access to the server the BMC is connected to.

For further information:

CVE-2019-6260

Remediation steps

Type	Step
	OpenBMC have released updates to address this vulnerability, however, affected systems will also likely require updated manufacturer firmware to fully address it. Users and administrators are encouraged to apply the necessary updates and contact their relevant suppliers for further support

Type

Step

OpenBMC have released updates to address this vulnerability, however, affected systems will also likely require updated manufacturer firmware to fully address it.

Users and administrators are encouraged to apply the necessary updates and contact their relevant suppliers for further support

Last edited: 14 February 2020 2:44 pm