CVE-2019-6260 has been found to be exploitable on several versions of Quanta Cloud Technology (QCT) servers. Also known as “Pantsdown,” the vulnerability enables an attacker to escape the server host into the Baseboard Management Controller (BMC) and move laterally to other servers. This gives attackers access to make firmware-level changes, making persistence and access significantly easier to implement. The issue with QCT servers D52BQ-2U, D52BQ-2U 3UPI, and D52BV-2U was responsibly disclosed to QCT in October, and a patch has been made available to customers privately.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security