Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers
May 26, 2022
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain further permissions to other BMCs on the network and by doing that gaining access to other servers," firmware and hardware security firm Eclypsium said . A baseboard management controller is a specialized system used for remote monitoring and management of servers, including controlling low-level hardware settings as well as installing firmware and software updates. Tracked as CVE-2019-6260 (CVSS score: 9.8), the critical security flaw came to light in January 2019 and relates to a case of arbitrary read and write access to the BMC's physical address space, resulting in a