Search This Blog

Showing posts with label Critical Flaw. Show all posts

Lenovo: No Fix for High-Severity Flaw in Legacy IBM System X Servers

 

Lenovo stated that two legacy IBM System x server models that were discontinued in 2019 are vulnerable to attack and will not receive security fixes. However, the firm is providing a workaround mitigation solution. 

Both the IBM System x 3550 M3 and IBM System x 3650 M3 are vulnerable to command injection attacks. An attacker can use a vulnerable programme called Integrated Management Module to execute arbitrary instructions on either server model's operating system (IMM). 

IMM performs system management functions. Serial and Ethernet connections on the back panel of System x models use the IMM for device management. 

According to a Lenovo advisory published Tuesday, the flaw is in the IMM firmware code and “could allow the execution of operating system commands over an authenticated SSH or Telnet session.” 

Secure Shell, often known as SSH, is a cryptographic network communication technology that allows two computers to interact or transfer files. Telenet is another network protocol that permits remote users to log into another machine on the same network. Telnet does not encrypt data delivered over its connection by default. 

The flaw, which has been assigned the number CVE-2021-3723, was discovered on Wednesday by Denver Abrey, a bug hunter. 

In June 2020, eight vulnerabilities in a subsequent version of IMM, known as IMM2, were discovered, three of which were of high severity. These issues were found in the client-side code called libssh2, which is accountable for executing the SSH2 protocol. 

The System x 3550 M3 and System x 3650 M3 were announced as medium‐sized corporate solutions on April 5, 2011. Lenovo stated on June 30, 2015, that both systems will be terminated, but security updates would be provided for another five years. 

Software and security support for the System x 3550 and 3650 ended on December 31, 2019, according to the Lenovo security notice. 

Lenovo wrote, “Lenovo has historically provided service and support for at least five years following a product’s withdrawal from marketing. This is subject to change at Lenovo’s sole discretion without notice. Lenovo will announce a product’s EOS date at least 90 days before the actual EOS date and in most cases longer.”

Lenovo stated on Wednesday that it recommends discontinuing the use of both servers, but that it had a mitigation approach. 

If it is not possible to stop using these systems, Lenovo suggests: 
  • Disable SSH and Telnet (This can be done in the Security and Network Protocol sections of the navigation pane after logging into the IMM web interface) 
  • During initial configuration, change the default Administrator password. 
  • Enforce the use of strong passwords. 
  • Only give trustworthy admins access. 
Lenovo did not comment if it was familiar with any active campaigns aimed at exploiting the flaw.

Millions of HP OMEN Gaming PCs Impacted by Driver Vulnerability

 

On Tuesday, security experts revealed data about a high-severity weakness in the HP OMEN driver software, which affects millions of gaming laptops worldwide and leaves them vulnerable to various cyberattacks. 

The vulnerability is tracked as CVE-2021-3437 with a CVSS score: 7.8. Threat actors may escalate privileges to kernel mode without having administrator rights, enabling them to deactivate security products, overwrite system components, and even damage the operating system. 

The complete list of vulnerable devices includes HP ENVY, HP Pavilion, OMEN desktop gaming systems, and OMEN and HP Pavilion gaming laptops. 

SentinelOne, a cybersecurity firm that identified and communicated the flaw to HP on February 17, claimed it discovered no trace of in-the-wild exploitation. Customers have subsequently received a security update from the company to address the flaw. 

The problems are caused by OMEN Command Center, a pre-installed component on HP OMEN laptops and desktops and can also be downloaded from the Microsoft Store. The program is meant to assist smooth network activity, overclock the gaming PC for quicker computer performance, and monitor the GPU, CPU, and RAM through a vitals dashboard. 

Souce of flaw

According to research shared with The Hacker News by SentinelOne, "The problem is that HP OMEN Command Center includes a driver that, while ostensibly developed by HP, is actually a partial copy of another driver full of known vulnerabilities." 

"In the right circumstances, an attacker with access to an organization's network may also gain access to execute code on unpatched systems and use these vulnerabilities to gain local elevation of privileges. Attackers can then leverage other techniques to pivot to the broader network, like lateral movement." 

HpPortIox64.sys is the driver in issue, and it gets its functionality from OpenLibSys-developed-WinRing0.sys, which was the origin of a local privilege escalation flaw in EVGA Precision X1 software last year (CVE-2020-14979, CVSS score: 7.8). 

In August 2020, researchers from SpecterOps highlighted, "WinRing0 allows users to read and write to arbitrary physical memory, read and modify the model-specific registers (MSRs), and read/write to IO ports on the host. These features are intended by the driver's developers. However, because a low-privileged user can make these requests, they present an opportunity for local privilege escalation." 

This is the second time WinRing0.sys has been identified as a source of security vulnerabilities in HP products. 

In October 2019, SafeBreach Labs discovered a critical vulnerability in HP Touchpoint Analytics software (CVE-2019-6333), which is included with the driver, possibly enabling malicious actors to read arbitrary kernel memory and effectively allowlist malicious payloads via a signature validation bypass. 

The discovery is the third in a series of security flaws affecting software drivers that SentinelOne has discovered since the beginning of the year. 

Earlier this year, they found a 12-year-old privilege escalation problem in Microsoft Defender Antivirus (previously Windows Defender) that hackers could exploit to acquire admin access on unpatched Windows computers.

And last month, SentinelOne reported on a 16-year-old security flaw discovered in an HP, Xerox, and Samsung printer driver that allows attackers to obtain administrative access to computers running the vulnerable software.