TrickBoot
Vulnerability details
Advisory: SB2021030315 - Security restrictions bypass in Supermicro X10 UP-series Denlow motherboards
Vulnerable component: X10SLL-S/-SF
CVE-ID:
CVSSv3 score: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
Description:
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in BIOS firmware for X10 UP-series (H3 Single Socket тАЬDenlowтАЭ) motherboard. A local user can plant malware into motherboard firmware and establish permanent persistence on the system, even if OS is reinstalled.
Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.
External links:
https://www.supermicro.com/en/support/security/Trickbot