7.2 CVE-2024-10237

 

There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process
https://nvd.nist.gov/vuln/detail/CVE-2024-10237

Categories

CWE-345 : Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks Distributed Control System (DCS) does not sign firmware images and only relies on insecure checksums for integrity checks Remote Terminal Unit (RTU) does not use signatures for firmware images and relies on insecure checksums

References


 

CPE

cpe start end


REMEDIATION




EXPLOITS


Exploit-db.com

id description date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits


CAPEC


Common Attack Pattern Enumerations and Classifications

id description severity
111 JSON Hijacking (aka JavaScript Hijacking)
High
141 Cache Poisoning
High
142 DNS Cache Poisoning
High
148 Content Spoofing
Medium
218 Spoofing of UDDI/ebXML Messages
Medium
384 Application API Message Manipulation via Man-in-the-Middle
Low
385 Transaction or Event Tampering via Application API Manipulation
Medium
386 Application API Navigation Remapping
Medium
387 Navigation Remapping To Propagate Malicious Content
Medium
388 Application API Button Hijacking
Medium
665 Exploitation of Thunderbolt Protection Flaws
Very High
701 Browser in the Middle (BiTM)
High


MITRE


Techniques

id description
T1211 Exploitation for Defensive Evasion
T1491 Defacement
T1542.002 Pre-OS Boot:Component Firmware
T1556 Modify Authentication Process
T1557.002 Adversary-in-the-Middle: ARP Cache Poisoning
T1584.002 Compromise Infrastructure: DNS Server
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id description
M1051 Update software regularly by employing patch management for internal enterprise endpoints and servers.
M1053 Consider implementing IT disaster recovery plans that contain procedures for taking regular data backups that can be used to restore organizational data. Ensure backups are stored off system and is protected from common methods adversaries may use to gain access and destroy the backups to prevent recovery.
M1051 Perform regular firmware updates to mitigate risks of exploitation and/or abuse.
M1018 Ensure that proper policies are implemented to dictate the the secure enrollment and deactivation of authentication mechanisms, such as MFA, for user accounts.
M1017 Train users to be suspicious about certificate errors. Adversaries may use their own certificates in an attempt to intercept HTTPS traffic. Certificate errors may arise when the application’s certificate does not match the one expected by the host.
M1056 This technique cannot be easily mitigated with preventive controls since it is based on behaviors performed outside of the scope of enterprise defenses and controls.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.