Felix Pinkston
June 5, 2025 11:35
BMC (Baseboard Management Controllers) is essential for remote management of data centers, but there is a significant security risk. NVIDIA’s research shows vulnerabilities and provides solutions.
BMC (Baseboard Management Controllers) is essential for the operation of the latest data center and provides remote management for server reconstruction, hardware monitoring and firmware updates. But according to NVIDIA, the built -in processor introduces significant security vulnerabilities.
Understanding BMC vulnerability
The NVIDIA Offensive Security Research (OSR) team recently performed a comprehensive analysis of BMC firmware and confirmed 18 vulnerabilities. This includes certificate processing defects and memory corruption bugs, allowing attackers to get unauthorized access and maintain continuous existence in the data center infrastructure.
Double characteristics of BMC
BMCS does not need to power the host system for essential functions such as BIOS settings and firmware updates. But they also offer an extended attack surface. Compromising, BMC can emphasize the need for strict security measures by providing a secret access to many systems to the attacker.
BMC weakness abuse
The OSR team has often found that BMC is often vulnerable to classical memory exploits due to lack of modern security, such as the address space layout (ASLR). Such weaknesses are used to obtain complete remote access, allowing unauthorized operation, such as boot loader parameters modifying and disabling security boot.
The influence of the industry as a whole
If you identify these vulnerabilities, NVIDIA is American Megatends Inc. (AMI) worked in cooperation with the patch. This collaboration emphasizes the need for a wide range of distribution of affected firmware and the need for recognition and measures of the industry to protect BMC.
Recommendations for security teams
To alleviate the security risk of BMC, companies recommend:
- Separate the BMC interface from the security network.
- Check the regular firmware update and track the CVE.
- Integrate the BMC event into a security monitoring strategy.
- It requires powerful security practices of suppliers, including implementation of basic mitigation such as ASLR and stack protection.
Pre -security measures
NVIDIA’s initiative to identify and disclose BMC vulnerabilities is to strengthen the data center security of the industry as a whole. By solving the overlooked components and challenging existing homes, NVIDIA aims to improve the security of the entire data center ecosystem.
Image Source: Shutter Stock