Swascan Offensive Security Team has identified at least 3 Critical vulnerabilities on MSI digital assets passively identified by using the Domain Threat Intelligence (DTI) service.
Micro-Star International (MSI) is a Taiwanese multinational computer company headquartered in New Taipei with subsidiaries in the Americas, Europe, Asia, Australia and South Africa.
It designs, develops and supplies computer hardware, related products and services, including: laptops, desktops, motherboards, graphics cards, All-in-One computers, servers, industrial computers, PC peripherals, car infotainment products, and others. The company also produces graphics card chipset for both AMD and nVidia. Some computer manufacturers such as Alienware and Falcon Northwest sell PCs equipped with MSI motherboards. MSI also produces motherboards suitable for overclocking. MSI products are sold at retail, OEM parts, or to other companies.
During passive vulnerability checks on some well-known internet domains, Swascan’s Cyber Security Research Team detected some important vulnerabilities on a specific IP.
Detected vulnerabilities were:
|CWE-287: Improper Authentication|
|Unauthenticated Arbitrary File Read||Critical|
|CWE-522: Insufficiently Protected Credentials|
|CWE-78: OS Command Injection|
|Remote Command Execution||Critical|
Swascan recommends to upgrade the exposed services, check the configuration and/or close related ports if not needed in order to mitigate the risk.
In the following section we report more technical details including evidences and proof-of-concepts.
Unauthenticated Arbitrary File Read vulnerability to Remote Command Execution
The remote service is vulnerable to a Arbitrary File Read, Password Disclosure and Remote Command Execution weaknesses.
A remote unauthenticated adversary could leverage on these vulnerabilities in order to disclose important information about the server and application configuration, including credentials and ultimately gain access to the server and its internal network.
Swascan recommends to:
- Correct the vulnerability, restricting read access only to intended directories and files.
- Encrypt passwords in configuration files whenever possible;Set file permission correctly in order to deny read/write access to unauthorized users.
- Disable the management interface access from the internet.
After compiling this disclosure, Swascan contacted MSI with all the details and the POC.
The vendor has acknowledged the vulnerability and promptly fixed them, thanking Swascan for its contribution.