Researchers have disclosed vulnerabilities in low-cost IP KVMs from four manufacturers, which can be exploited via internet exposure with weak security configurations, insider connections, or firmware flaws to gain remote BIOS/UEFI-level access and compromise networks. The article does not provide specific CVSS scores, affected version ranges, fixed versions, or explicit workarounds.
Researchers are warning about the risks posed by a low-cost device that can give insiders and hackers unusually broad powers in compromising networks. The devices, which typically sell for $30 to $100, are known as IP KVMs. Administrators often use them to remotely access machines on networks. The devices, not much bigger than a deck of cards, allow the machines to be accessed at the BIOS/UEFI level, the firmware that runs before the loading of the operating system. This provides power and convenience to admins, but in the wrong hands, the capabilities can often torpedo what might otherwise be a secure network. Risks are posed when the devices—which are exposed to the Internet—are deployed with weak security configurations or surreptitiously connected to by insiders. Firmware vulnerabilities also leave them open to remote takeover. Read full article Comments