Security Advisory: MSI

Introduction

Swascan Cyber Security Team has identified at least 3 Critical vulnerabilities on MSI digital assets passively identified by using the Domain Threat Intelligence (DTI) service.

Micro-Star International (MSI) is a Taiwanese multinational computer company headquartered in New Taipei with subsidiaries in the Americas, Europe, Asia, Australia and South Africa.

It designs, develops and supplies computer hardware, related products and services, including: laptops, desktops, motherboards, graphics cards, All-in-One computers, servers, industrial computers, PC peripherals, car infotainment products, and others. The company also produces graphics card chipset for both AMD and nVidia. Some computer manufacturers such as Alienware and Falcon Northwest sell PCs equipped with MSI motherboards. MSI also produces motherboards suitable for overclocking. MSI products are sold at retail, OEM parts, or to other companies.

Figure 1 Domain Threat Intelligence

Technical Summary

During passive vulnerability checks on some well-known internet domains, Swascan’s Cyber Security Research Team detected some important vulnerabilities on a specific IP.

Detected vulnerabilities were:

Vulnerability Severity
CWE-287: Improper Authentication
CVSS: 9.8
Unauthenticated Arbitrary File Read Critical
CWE-522: Insufficiently Protected Credentials
CVE: 9.8
Password Disclosure Critical
CWE-78: OS Command Injection
CVSS: 9.8
Remote Command Execution Critical

Swascan recommends to upgrade the exposed services, check the configuration and/or close related ports if not needed in order to mitigate the risk.

In the following section we report more technical details including evidences and proof-of-concepts.

Unauthenticated Arbitrary File Read vulnerability to Remote Command Execution

Description

The remote service is vulnerable to a Arbitrary File Read, Password Disclosure and Remote Command Execution weaknesses.

A remote unauthenticated adversary could leverage on these vulnerabilities in order to disclose important information about the server and application configuration, including credentials and ultimately gain access to the server and its internal network.

Remediation

Swascan recommends to:

  • Correct the vulnerability, restricting read access only to intended directories and files.
  • Encrypt passwords in configuration files whenever possible;Set file permission correctly in order to deny read/write access to unauthorized users.
  • Disable the management interface access from the internet.

Outcome

After compiling this disclosure, Swascan contacted MSI with all the details and the POC.

The vendor has acknowledged the vulnerability and promptly fixed them, thanking Swascan for its contribution.

Our Services

Vulnerability
Assessment

Network
Scan

Penetration
Testing

Domain threat
Intelligence

Cyber Threat
Intelligence

Malware Threat
intelligence

ICT Security
Assessment

Phishing
Attack Simulation

Smishing
Attack Simulation

Cyber Incident
Response

SoC
as a Service

Security
Management

Exit mobile version