2024-04-15 16:51:00 UTC

New findings from Binarly show that Intel and Lenovo BMCs contain an unpatched security flaw in the Lighttpd web server. The original vulnerability was identified and fixed by Lighttpd in August 2018, but device vendors have failed to update their BMCs with version 1.4.51. This oversight leaves the systems open to potential attacks.