On Monday researchers at Eclypsium reported 3 vulnerabilities impacting MegaRAC Baseboard Management Controller (BMC), which is used by over a dozen manufacturers for managing server products. The first of the vulnerabilities, CVE-2022-40259, is given a CVSS score of 9.9, and gives an attacker with callback privileges or higher on the device arbitrary code execution capabilities. The second, CVE-2022-40242, is given a CVSS score of 8.3, and specifically concerns the default password for the sysadmin user’s hash, which can be easily found and cracked. The final vulnerability, CVE-2022-2827, is given a CVSS score of 7.5, and enables an attacker to enumerate valid user accounts via password reset request. Both of the higher-severity vulnerabilities effectively grant the attacker root privileges if exploited.
Manufacturers that use MegaRAC BMC:
- Ampere Computing
- Dell EMC
- HP Enterprise