Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw

April 15, 2024 at 01:03PM

A security flaw in the Lighttpd web server used in BMCs, unpatched by Intel and Lenovo, poses a risk of exfiltrating sensitive data. The absence of prompt security information prevents the fixes from being handled properly down the firmware and software supply chains. Out-of-bounds read vulnerabilities in susceptible versions of Lighttpd remain …

Intel and Lenovo servers impacted by 6-year-old BMC flaw

April 11, 2024 at 12:52PM

A 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers, overlooked by vendors like Intel and Lenovo, could lead to memory exfiltration, bypassing protection mechanisms. Binarly discovered a heap out-of-bounds read vulnerability, and vendors missed the fix, leading to a massive number of vulnerable devices, with impacted models …