GIGABYTE Server Management (GSM) Software Update for Security Vulnerabilities

Jan 18, 2023

Giga Computing Technology Co., Ltd. acknowledges the security vulnerabilities affecting GIGABYTE’s server products that are using the following software and users are suggested updating to the latest version as shown in the bracket:

 

        Gigabyte Server Manager (GSM) Server (version 2.12)

 

The security vulnerabilities including remote code execution with root/SYSTEM permissions can be exploited by remote attackers performing an XSS attack. To mitigate the risk of exploitation, GIGABYTE has released new GSM Server versions for the vulnerabilities as listed below. Updated GSM Server versions to address the threats are available on all affected product pages.

 

Vulnerabilities: Unauthenticated Stored Cross Site Scripting in username at login request

Description: An external malicious JaveScript is executed when being inputted as username during an unauthenticated login attempt.

 

Vulnerabilities: (CSRF) Any user or operator can create a user with ROLE_ADMIN rights

Description: Due to the problem existing in certain versions of Java security framework, the web application is vulnerable for an CSRF attack since any user has rights to create a new user with ADMIN rights using certain GET request.

 

Vulnerabilities: Authenticated Local File Path Disclosure

Description: A display problem causing the web application to reveal the local path if an error occurs while uploading a file.

 

Vulnerabilities: Authenticated user can exploit a Remote Code Execution vulnerability sending a crafted HTTP request under root/SYSTEM context

Description: Due to unsuccessful filtering of external commands, regular users can run commands when meeting certain requirements. It allows the user to perform system commands under root privileges, which is an admin users’ feature.

 

Vulnerabilities: Default configuration vulnerable to CVE-2020-1938 on port 8009

Description: The version of the JServ Protocol served on port 8009 by default is vulnerable to CVE-2020-1938, which can lead to returning arbitrary files from anywhere in the web application.

 

Vulnerabilities: Hardcoded credentials for rack management mode and keystores [private key retrievable for tomcat cert and update_cacert]

Description: Problems were found in Tomcat settings script and hard coding, causing potential leakage of hardcoded passwords for tomcat cert and update_cacert keystores.

 

Vulnerabilities: Tomcat version EOL

Description: The used tomcat version no longer gets any security updates due to EOL and is vulnerable to Tomcat path traversal via reverse proxy mapping.

 

Vulnerabilities: Misc vulnerabilities

Description: The following used versions of Spring Framework and Log4j were indicated as vulnerable:

u   spring.version 4.0.1 RELEASE

u   log4j.version 2.17.0 RELEASE

 

Vulnerabilities: Stored cross site scripting

Description: Malicious JavaScript can be triggered and executed if users fill in JavaScript code as username during the creation of a new deployment.

 

 

*Please navigate to the "Support" section of the relevant product page to download the updated firmware.

*For any further assistance regarding this issue please contact your Giga Computing sales representative, or create a new support ticket at https://esupport.gigabyte.com