Supermicro

A new remote attack vector on Supermicro servers was found that exposed their BMC port over the internet.

More than 47,000 workstations and servers, possibly more, running on Supermicro motherboards were being open to attacks because administrators had left an internal component exposed on the internet.

The company recommended its customers install the latest patches to completely mitigate the USBAnywhere attack vector for good.

A scan of TCP port 623 across the Internet revealed 47,339 BMCs from over 90 different countries with the affected virtual media service publicly accessible.

Source: https://www.zdnet.com/article/over-47000-supermicro-servers-are-exposing-bmc-ports-on-the-internet/

"id": "SUP31410423",
"linkid": "supermicro",
"type": "Vulnerability",
"date": "09/2019",
"severity": "25",
"impact": "2",
"explanation": "Attack limited on finance or reputation"