Supermicro Servers with USBAnywhere Vulnerabilities Could Allow Hackers to Exploit Them Remotely

Supermicro motherboards on Multiple workstations and servers has made them vulnerable to remote attacks. The reason being leaving of one of the internal components exposed on the internet and this could provide a remote attacker full power over a vulnerable server or its contents.

The vulnerabilities were collectively called “USBAnywhere” and allows attackers to obtain credentials for the Baseboard Management Controllers (BMCs) of Supermicro X9-X11 servers.

BMCs are components part of the Intelligent Platform Management Interface (IPMI). IPMI tools are usually found on servers and workstations deployed on enterprise networks. Using IPMI, system administrators can manage them from remote locations, at a level lower and independent from the operating system.

IPMI tools can also allow a remote administrator to connect or send instructions to a PC/server and perform various operations, such as modify OS settings, reinstall the OS, or update drivers.