Submission + - Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat (arstechnica.com)
couchslug writes: Quanta not patching vulnerable baseboard management controllers leaves data centers vulnerable. Pantsdown was disclosed in 2019....
"The power and ease of use of the Pantsdown exploit are by no means new. What is new, contrary to expectations, is that these types of attacks have remained possible on BMCs that were using firmware QCT provided as recently as last month.
QCT's decision not to publish a patched version of its firmware or even an advisory, coupled with the radio silence with reporters asking legitimate questions, should be a red flag. Data centers or data center customers working with this company's BMCs should verify their firmware's integrity or contact QCT's support team for more information."
"The power and ease of use of the Pantsdown exploit are by no means new. What is new, contrary to expectations, is that these types of attacks have remained possible on BMCs that were using firmware QCT provided as recently as last month.
QCT's decision not to publish a patched version of its firmware or even an advisory, coupled with the radio silence with reporters asking legitimate questions, should be a red flag. Data centers or data center customers working with this company's BMCs should verify their firmware's integrity or contact QCT's support team for more information."
Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat More Login
Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat
Slashdot Top Deals