"Unfixable 6-Year-Old BMC Flaw Haunts Intel and Lenovo Servers"

TL;DR Summary
A 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers (BMCs) has been overlooked by vendors such as Intel and Lenovo. It allows the exfiltration of process memory addresses, which could be used to bypass protection mechanisms. Silently patched in 2018, the vulnerability was missed by developers and has impacted a large number of devices, including those from Intel and Lenovo. Although the vendors were notified, the impacted models have reached end-of-life and will likely remain vulnerable indefinitely due to the lack of patches, highlighting gaps in the firmware supply chain and the need for greater transparency and awareness.
- Intel and Lenovo servers impacted by 6-year-old BMC flaw (BleepingComputer)
- Hackable Intel and Lenovo hardware that went undetected for 5 years won't ever be fixed (Ars Technica)
- Six-year old bug will likely live forever in Lenovo, Intel products (CyberScoop)
- Unpatchable flaw in tech giants' hardware (Fudzilla)
- How to find AMI MegaRAC BMCs running lighttpd with runZero (Security Boulevard)