
Letter from the CTO – Security Update

Today, our CTO has published a letter addressing a recently discovered vulnerability in our IPMI firmware.

James Lupton


Blackcore Clients,    

In today’s letter, I want to disclose a vulnerability in the IPMI firmware of the motherboards and IPMI cards used in Blackcore systems, and to provide the mitigation steps that resolve it.

The issue 

We’ve been made aware that some versions of the IPMI firmware used on our G3 platforms have a potential vulnerability related to CVE-2024-54085 – https://nvd.nist.gov/vuln/detail/CVE-2024-54085

Exploitation is only possible with access to the IP interface of the IPMI system. If your network is not externally available and only privileged networks can access the system, then you are less likely to be susceptible. 

The attack involves sending a POST command to create a new administrator user without any need for credential validation. This is achieved by sending the POST request with the header: 

“X-Server-Addr”: “169.254.0.17:” 

More information can be found here

Mitigation steps 

We have provided a firmware fix which you can download below. Any version prior to the listed version may be affected by the vulnerability. 

You can follow the usual steps for flashing the firmware – please see this article for additional help. 

Systems affected:

| System | Mitigated Version | DL Link |
|---|---|---|
| 3100-RL+, 3100-RZ | 1.60.12 | Download |
| SPR-M, SPR-X, 3100-SM+, 3100-SX+ | 1.60.15 | Download |
| 3100-TX | 2.60.1 | Download |
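To find which systems still need the update, the mitigated versions above can be checked against an inventory of installed IPMI firmware. The following is an added example, not Blackcore code: the CSV layout, hostnames, installed versions and the model name 3100-ZZ are constructed assumptions, and versions are compared numerically so that 1.60.9 is correctly treated as older than 1.60.12.

```python
import csv
import io

# Mitigated firmware versions, copied from the advisory's "Systems affected" table.
MITIGATED = {
    "3100-RL+": "1.60.12", "3100-RZ": "1.60.12",
    "SPR-M": "1.60.15", "SPR-X": "1.60.15",
    "3100-SM+": "1.60.15", "3100-SX+": "1.60.15",
    "3100-TX": "2.60.1",
}

def parse_version(text):
    """Turn '1.60.12' into (1, 60, 12) so components compare numerically."""
    parts = text.strip().split(".")
    if not all(p.isdecimal() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(model, version):
    """Return 'mitigated', 'needs-update', 'unknown-model' or 'unparseable-version'."""
    fixed = MITIGATED.get(model.strip())
    if fixed is None:
        return "unknown-model"          # not in the advisory table: review by hand
    try:
        current = parse_version(version)
    except ValueError:
        return "unparseable-version"    # never treat an unreadable version as safe
    return "needs-update" if current < parse_version(fixed) else "mitigated"

def audit(inventory_csv):
    """Classify every row of a 'host,model,ipmi_version' CSV (assumed layout)."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], classify(r["model"], r["ipmi_version"])) for r in rows]

# Constructed sample inventory: hostnames, installed versions and the
# model 3100-ZZ are made up for illustration.
SAMPLE = """host,model,ipmi_version
bmc-01.example.internal,3100-RL+,1.60.9
bmc-02.example.internal,3100-RL+,1.60.12
bmc-03.example.internal,SPR-X,1.60.14
bmc-04.example.internal,3100-TX,2.60.1
bmc-05.example.internal,3100-ZZ,1.60.15
bmc-06.example.internal,3100-SM+,unknown
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE):
        print(f"{host:28} {status}")
```

Rows reported as `unknown-model` or `unparseable-version` are not confirmed safe and should be checked manually.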

 

If you have any questions, please reach out to your account manager or feel free to contact me or Blackcore Support directly. 

 

Thanks,

James Lupton
