Researchers at the firmware-security company Eclypsium have identified serious vulnerabilities in four widely used, budget-priced IP-KVM devices. Because an IP-KVM sits between the keyboard, mouse and display and the host it manages, compromising the KVM gives an attacker the same pre-boot, BIOS-level access as someone sitting at the machine, sidestepping operating-system protections and the security tools that run inside the OS.
Unveiling the Risks
The vulnerabilities Eclypsium describes let attackers take full control of the KVM and, through it, of every system it is connected to. That access amounts to physical presence at the console: the attacker can type commands, watch the screen, interact with pre-boot and disk-encryption prompts, and change BIOS settings, and none of it is visible to host-based security measures, because it all happens below the operating system.
The threat is not theoretical. The FBI has been investigating incidents involving KVM abuse, and Microsoft has reported North Korean actors using IP-KVM devices to operate corporate machines remotely.
Exposed Devices and Vulnerable Vendors
Internet-wide scans found more than 1,600 of these devices directly reachable from the internet, so the flaws are exploitable remotely, not only from inside a network. The affected products come from GL-iNet, Angeet/Yeeso, Sipeed, and JetKVM, and typically sell for between $30 and $100.
The weaknesses include missing firmware signature verification (so tampered firmware is accepted), exposed debug interfaces, and broken access controls. In the Angeet ES3 KVM, an unauthenticated file-upload flaw chained with a command-injection flaw yields root-level remote code execution on the device itself, which in turn hands the attacker the console of whatever host the KVM is attached to.
Strategies for Mitigation
To counter these threats, enterprises must treat IP-KVM devices as critical infrastructure: a KVM is at least as sensitive as the host it controls. Eclypsium recommends isolating these devices on a dedicated management VLAN and making sure none of them is reachable from the internet.
Access to that VLAN should require strong authentication and go through a VPN. Organizations should also maintain an inventory of every KVM device on the network, monitor traffic to and from those devices for anything irregular, and apply vendor firmware updates promptly.
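The isolation, inventory and traffic-monitoring advice above can be turned into a simple control. The script below is an added example written for this article, not code from Eclypsium or from any of the vendors named: it assumes a hypothetical addressing plan (KVMs on 10.20.0.0/24, a VPN client pool 10.99.0.0/24 as the only permitted source) and runs over constructed flow records, flagging KVMs that were reached from the internet, from an ordinary office subnet, or that are not in the asset inventory at all.

```python
"""Audit flow records for IP-KVM management traffic that violates policy.

Added example for this article (not Eclypsium's or any vendor's code).
Assumptions: KVMs live on a dedicated VLAN, only the VPN client pool may
reach them, RFC 1918 space is "internal". The flows below are constructed.
"""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumed addressing plan, not taken from the report.
KVM_VLAN = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_SOURCES = (ipaddress.ip_network("10.99.0.0/24"),)  # VPN client pool
# RFC 1918 ranges; anything outside them is treated as the internet.
INTERNAL = (
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
)
# Asset inventory of KVMs the organisation knows about (constructed).
INVENTORY = frozenset({"10.20.0.11", "10.20.0.12"})


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def check_flow(flow: Flow) -> list[str]:
    """Return policy findings for one flow.

    An empty list means the flow is either not KVM traffic or is permitted
    (a source in the VPN pool talking to an inventoried KVM).
    """
    dst = ipaddress.ip_address(flow.dst)
    if dst not in KVM_VLAN:
        return []  # not aimed at the KVM VLAN, out of scope
    findings = []
    if flow.dst not in INVENTORY:
        findings.append("unaccounted-kvm")  # device nobody registered
    src = ipaddress.ip_address(flow.src)
    if not _in_any(src, INTERNAL):
        findings.append("internet-exposed")  # a public address reached it
    elif not _in_any(src, ALLOWED_SOURCES):
        findings.append("off-vlan-source")  # internal, but not via the VPN
    return findings


def audit(flows) -> dict[str, list[str]]:
    """Aggregate findings per KVM address: {dst: sorted findings}."""
    report = defaultdict(set)
    for flow in flows:
        for finding in check_flow(flow):
            report[flow.dst].add(finding)
    return {dst: sorted(found) for dst, found in report.items()}


# Constructed flow records standing in for NetFlow/IPFIX or firewall logs.
SAMPLE_FLOWS = [
    Flow("10.99.0.23", "10.20.0.11", 443),    # VPN user -> known KVM: fine
    Flow("10.30.4.7", "10.20.0.11", 443),     # office workstation hit the KVM VLAN
    Flow("203.0.113.5", "10.20.0.12", 5900),  # public address reached the VNC console
    Flow("10.99.0.23", "10.20.0.40", 80),     # a KVM missing from the inventory
    Flow("10.30.4.7", "10.50.1.9", 443),      # unrelated traffic, ignored
]

if __name__ == "__main__":
    for dst, findings in audit(SAMPLE_FLOWS).items():
        print(f"{dst}: {', '.join(findings)}")
```

With the constructed records, the audit reports 10.20.0.11 as reached from off the management VLAN, 10.20.0.12 as exposed to a public address, and 10.20.0.40 as a KVM that is not in the inventory. In production the same three checks would run over exported flow logs, and any "internet-exposed" hit is the first thing to act on, since the scans described above show that is exactly how these devices are being found.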
