Penguin Computing Statement on Eclypsium Reporting of Vulnerable Firmware in Enterprise Servers

BMC vulnerabilities on ASpeed platform with MergePoint EMS by Avocent (now Vertiv)

Potential Impact: Information disclosure

Severity: Medium

Summary Description

According to a published report, Eclypsium researchers identified firmware vulnerabilities in ASpeed-based BMC platforms running MergePoint EMS firmware from Avocent (now Vertiv).

Two specific vulnerabilities were found in the BMC firmware that would allow an attacker who already holds administrative privilege on the BMC to make persistent, malicious modifications to the BMC firmware:

  1. The BMC firmware update process for MergePoint EMS does not perform cryptographic signature verification before accepting updates and writing the contents to SPI flash.
  2. The code in the BMC that performs the firmware update process itself contains a command injection vulnerability.

Mitigation Strategy for Customers (i.e. what you should do to protect yourself)

Update to the firmware level (or later) described for your system in the Product Impact section, and verify the MD5 checksum of the downloaded file against the table before applying it.
If it is not feasible to update the firmware immediately, partial protection can be achieved by restricting the set of users who hold administrative privileges on the BMC, since both issues require administrative access to exploit.
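The two findings listed under Summary Description and the checksum step above, as an added illustration that is not Penguin Computing's, Eclypsium's or MergePoint EMS code: a vulnerable update path that splices an uploaded file name into a shell command and writes an unverified image, beside a hardened path that allow-lists the name, passes it as argv with no shell, and verifies a detached signature before anything reaches flash. Ed25519 is assumed as the signature scheme (the advisory does not say which scheme the fixed firmware uses), the generated key pair stands in for a vendor key baked into the BMC image, and flashcp, /tmp and /dev/mtd0 are assumed names.

```go
package main

import (
	"crypto/ed25519"
	"crypto/md5"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"regexp"
)

// Constructed illustration of the two flaw classes in the advisory and the
// checksum step in the mitigation. Not MergePoint EMS code; flashcp, /tmp
// and /dev/mtd0 are assumed names.

// Finding 2, command injection: the uploaded file name is spliced into a
// shell command line. A name such as "fw.bin; id" becomes two commands once
// this string is handed to /bin/sh -c.
func vulnerableFlashCommand(uploadedName string) string {
	return "flashcp /tmp/" + uploadedName + " /dev/mtd0"
}

// Hardened form: allow-list the name, then return an argv slice intended for
// exec.Command, which never consults a shell, so metacharacters are inert.
var safeName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$`)

func hardenedFlashArgv(uploadedName string) ([]string, error) {
	if !safeName.MatchString(uploadedName) {
		return nil, fmt.Errorf("rejected image name %q", uploadedName)
	}
	return []string{"flashcp", "/tmp/" + uploadedName, "/dev/mtd0"}, nil
}

// spiFlash stands in for the BMC's SPI flash device.
type spiFlash struct{ contents []byte }

// Finding 1, no signature check: whatever arrives is written.
func (f *spiFlash) vulnerableWrite(image []byte) {
	f.contents = append([]byte(nil), image...)
}

var errBadSignature = errors.New("signature verification failed; flash not written")

// Hardened form: verify a detached Ed25519 signature against the vendor public
// key (assumed to be baked into the BMC's own image) before any byte is
// written. The length check matters: ed25519.Verify panics on a malformed key.
func (f *spiFlash) hardenedWrite(vendorPub ed25519.PublicKey, image, sig []byte) error {
	if len(vendorPub) != ed25519.PublicKeySize || !ed25519.Verify(vendorPub, image, sig) {
		return errBadSignature
	}
	f.contents = append([]byte(nil), image...)
	return nil
}

// md5Matches checks a downloaded file against the checksum published in the
// Product Impact table. MD5 only catches download corruption or a wrong file;
// it is not a substitute for the signature check above.
func md5Matches(file []byte, publishedHex string) bool {
	sum := md5.Sum(file)
	return hex.EncodeToString(sum[:]) == publishedHex
}

func main() {
	// Generated key pair stands in for the vendor's signing key.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	image := []byte("constructed firmware image, not a real 189.bin")
	sig := ed25519.Sign(priv, image)

	var fl spiFlash
	fmt.Println("signed image:", fl.hardenedWrite(pub, image, sig)) // <nil>
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0x01
	fmt.Println("tampered image:", fl.hardenedWrite(pub, tampered, sig))
	fl.vulnerableWrite(tampered) // the unpatched path accepts it regardless

	fmt.Println("vulnerable:", vulnerableFlashCommand("fw.bin; id"))
	_, err = hardenedFlashArgv("fw.bin; id")
	fmt.Println("hardened:", err)
	// RFC 1321 test vector, used here only to show the checksum step.
	fmt.Println("md5 check:", md5Matches([]byte("abc"), "900150983cd24fb0d6963f7d28e17f72"))
}
```

The name allow-list and the no-shell argv close the injection regardless of what the web layer passes down; the signature gate is what actually stops a privileged but malicious operator from persisting a modified image, which is why the MD5 in the table is a download check for the customer, not a security control in the BMC.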

Acknowledgement

Penguin Computing would like to thank Gigabyte and Eclypsium for reporting on this issue.

Product Impact

Server Model          Filename  Checksum (md5)                    How to obtain file
Relion XE1112         189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE2112         189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE2142 (BMC)   189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE2142 (CMC)   133.bin   036794fa7e6d8e03d70fc47af5c9598b  support@penguincomputing.com
Relion XE4112         189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE1114GT       189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE2112GT       189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE2118GT       189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE4118GT       189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XE4118GTS      189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Relion XO1132g        189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Altus XE1111          189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com
Altus XE2111          189.bin   a36b6110347ba3628c0654aefe9089ee  support@penguincomputing.com

Revision History

Revision  Date        Description
1         2019-07-19  Initial Release