Over 47,000 Supermicro servers are exposing BMC ports on the internet
Security researchers with Eclypsium have discovered that more than 47,000 servers and other machines relying on Supermicro motherboards are at risk of attacks due to a number of security flaws collectively referred to as USBAnywhere.
The vulnerabilities impact the baseboard management controller (BMC) firmware of Supermicro motherboards that is designed to provide admins with remote access to machines. The flaws could enabled attackers to steal data from vulnerable machines and carry out numerous other attacks. Supermicro has released patches for the vulnerabilities, and is also urging users to restrict the exposure of BMC management interfaces to the Internet.