Researchers disclose vulnerabilities in IP KVMs from 4 manufacturers

Security researchers are raising alarms about vulnerabilities associated with inexpensive devices known as IP KVMs, which can empower both insiders and cybercriminals to exploit network systems. Priced between $30 and $100, these compact devices, roughly the size of a deck of cards, enable administrators to remotely manage machines at the BIOS/UEFI level, the foundational firmware that operates prior to the operating system's boot-up. While IP KVMs offer significant convenience for system administrators, they also pose considerable risks if misconfigured or accessed by unauthorized individuals. The exposure of these devices to the internet amplifies the threat, particularly when they are deployed with inadequate security measures. Additionally, inherent firmware vulnerabilities can allow remote attackers to seize control of the devices. On Tuesday, experts from the cybersecurity firm Eclypsium revealed nine distinct vulnerabilities affecting IP KVMs from four different manufacturers. The most concerning weaknesses could grant unverified hackers root access or enable them to execute malicious software on the devices. According to Eclypsium researchers Paul Asadoorian and Reynaldo Vasquez Garcia, "These are not obscure zero-day vulnerabilities that require extensive reverse engineering. They represent basic security protocols that any networked device should have in place, such as input validation, authentication, cryptographic verification, and rate limiting. We are witnessing the same type of security oversights that troubled early IoT devices a decade ago, now manifesting in devices that essentially provide physical access to everything they connect with."