Zero-day vulnerability in X10SLL-S/-SF

Security restrictions bypass

Known malware:

TrickBoot

Vulnerability details

Advisory: SB2021030315 - Security restrictions bypass in Supermicro X10 UP-series Denlow motherboards

Vulnerable component: X10SLL-S/-SF

CVE-ID:

CVSSv3 score: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in BIOS firmware for X10 UP-series (H3 Single Socket тАЬDenlowтАЭ) motherboard. A local user can plant malware into motherboard firmware and establish permanent persistence on the system, even if OS is reinstalled.

Note, the vulnerability is being actively exploited in the wild by the TrickBoot malware.

External links:

https://www.supermicro.com/en/support/security/Trickbot