Eclypsium researchers discovered two serious vulnerabilities in the firmware of the baseboard management controller (BMC) The vulnerabilities were found in servers from Lenovo, Gigabyte, and six other manufacturers. The vulnerabilities in server firmware are common and may have a significant impact on enterprise IT Infrastructure. As attackers and nation-states target higher-value assets, BMC and other firmware inside critical servers provide a particularly strategic target. Firmware is quite commonly licensed from a third party and used with little modification.”]
Source: https://eclypsium.com/2019/07/16/vulnerable-firmware-in-the-supply-chain-of-enterprise-servers/

