Introduction
Swascan Offensive Security Team has identified at least 3 Critical vulnerabilities on MSI digital assets. They were found passively, using the Domain Threat Intelligence (DTI) service.
Micro-Star International (MSI) is a Taiwanese multinational computer company headquartered in New Taipei with subsidiaries in the Americas, Europe, Asia, Australia and South Africa.
It designs, develops and supplies computer hardware, related products and services, including laptops, desktops, motherboards, graphics cards, All-in-One computers, servers, industrial computers, PC peripherals, car infotainment products, and others. The company also produces graphics card chipsets for both AMD and NVIDIA. Some computer manufacturers, such as Alienware and Falcon Northwest, sell PCs equipped with MSI motherboards. MSI also produces motherboards suitable for overclocking. MSI products are sold at retail, as OEM parts, or to other companies.
Technical Summary
During passive vulnerability checks on some well-known internet domains, Swascan’s Cyber Security Research Team detected some important vulnerabilities on a specific IP.
Detected vulnerabilities were:
CWE / CVSS | Vulnerability | Severity
CWE-287: Improper Authentication, CVSS: 9.8 | Unauthenticated Arbitrary File Read | Critical
CWE-522: Insufficiently Protected Credentials, CVSS: 9.8 | Password Disclosure | Critical
CWE-78: OS Command Injection, CVSS: 9.8 | Remote Command Execution | Critical
Swascan recommends upgrading the exposed services, checking the configuration and/or closing the related ports if they are not needed, in order to mitigate the risk.
In the following section we report more technical details, including evidence and proofs of concept.
Unauthenticated Arbitrary File Read vulnerability to Remote Command Execution
Description
The remote service is vulnerable to Arbitrary File Read, Password Disclosure and Remote Command Execution weaknesses.
A remote unauthenticated adversary could leverage these vulnerabilities to disclose important information about the server and application configuration, including credentials, and ultimately gain access to the server and its internal network.
Remediation
Swascan recommends the following:
- Correct the vulnerability, restricting read access only to intended directories and files.
- Encrypt passwords in configuration files whenever possible.
- Set file permissions correctly in order to deny read/write access to unauthorized users.
- Disable access to the management interface from the internet.
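One way to apply the first and third remediation items, as an added example that is not Swascan's or MSI's code: a read handler confined to one served directory, plus a permission check for a configuration file. The advisory does not describe the affected service, so the directory layout, the function names and the extension allow-list are assumptions.

```python
import os
import stat
import tempfile

class AccessDenied(Exception):
    """The requested file is outside what the service may serve."""

def safe_read(base_dir, requested, allowed_ext=(".txt", ".log")):
    """Return file bytes only if `requested` resolves inside base_dir."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ and follows symlinks, so the containment test
    # is made on the file that would really be opened.
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        raise AccessDenied("path escapes the served directory")
    if not target.lower().endswith(allowed_ext):
        raise AccessDenied("file type is not on the allow-list")
    with open(target, "rb") as fh:
        return fh.read()

def world_accessible(path):
    """True if users outside the owner and group can read or write path."""
    mode = os.stat(path).st_mode
    return bool(mode & (stat.S_IROTH | stat.S_IWOTH))

def demo():
    """Constructed layout: a served directory beside a config file."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        served = os.path.join(root, "public")
        os.mkdir(served)
        with open(os.path.join(served, "readme.txt"), "w") as fh:
            fh.write("hello")
        conf = os.path.join(root, "app.conf")  # hypothetical config file
        with open(conf, "w") as fh:
            fh.write("password=constructed-example\n")
        os.symlink(conf, os.path.join(served, "link.txt"))
        os.chmod(conf, 0o644)
        out["conf_open_before"] = world_accessible(conf)
        os.chmod(conf, 0o600)
        out["conf_open_after"] = world_accessible(conf)
        out["legit"] = safe_read(served, "readme.txt")
        cases = {"dotdot": "../app.conf", "absolute": conf, "symlink": "link.txt"}
        for name, req in cases.items():
            try:
                safe_read(served, req)
                out[name] = "read"
            except AccessDenied:
                out[name] = "denied"
    return out
```

Calling `demo()` returns a dictionary with the outcome of each request and of the permission check before and after tightening the mode to 0600.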
Outcome
After compiling this disclosure, Swascan contacted MSI with all the details and the POC.
The vendor has acknowledged the vulnerabilities and promptly fixed them, thanking Swascan for its contribution.