{"id":50346,"date":"2023-01-31T22:35:00","date_gmt":"2023-01-31T22:35:00","guid":{"rendered":"https:\/\/www.darkreading.com\/vulnerabilities-threats\/firmware-flaws-could-spell-lights-out-for-servers"},"modified":"2023-01-31T22:35:00","modified_gmt":"2023-01-31T22:35:00","slug":"firmware-flaws-could-spell-lights-out-for-servers","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/","title":{"rendered":"Firmware Flaws Could Spell &#8216;Lights Out&#8217; for Servers"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Five vulnerabilities in the baseboard management controller (BMC) firmware used in servers of 15 major vendors could give attackers the ability to remotely compromise the systems widely used in data centers and for cloud services.<\/p>\n<p>The vulnerabilities, two of which were disclosed this week by hardware security firm Eclypsium, occur in system-on-chip (SoC) computing platforms that use AMI&#8217;s MegaRAC Baseboard Management Controller (BMC) software for remote management. The flaws could impact servers produced by at least 15 vendors, including AMD, Asus, ARM, Dell, EMC, Hewlett-Packard Enterprise, Huawei, Lenovo, and Nvidia.<\/p>\n<p>Eclypsium disclosed three of the vulnerabilities in December, but withheld information on two additional flaws until this week in order to allow AMI more time to mitigate the issues.<\/p>\n<p>Since the vulnerabilities can only be exploited if the servers are connected directly to the Internet, the extent of the vulnerabilities is hard to measure, says Nate Warfield, director of threat research and intelligence at Eclypsium.<\/p>\n<p>&#8220;We really don&#8217;t know what the what the blast radius is on this, because while we know some of the platforms, we don&#8217;t have any details as to [how] prolific these things are,&#8221; he says. &#8220;You know, did they sell 100,000 of them? Did they sell 10 million of them? We just don&#8217;t know.&#8221;<\/p>\n<p>Baseboard management controllers are typically a single chip \u2014 or system-on-chip (SoC) \u2014 installed on a motherboard to allow administrators to remotely manage servers with near total control. AMI&#8217;s MegaRAC is a collection of software based on the Open BMC firmware project, an open source project for developing and maintaining an accessible baseboard management controller firmware.<\/p>\n<p>Many server makers rely on BMC software to allow administrators to take complete control of the server hardware at a low level, giving it access to &#8220;lights-out&#8221; features, <a href=\"https:\/\/eclypsium.com\/2022\/12\/05\/supply-chain-vulnerabilities-put-server-ecosystem-at-risk\/\" target=\"_blank\" rel=\"noopener\">the Eclypsium advisory stated<\/a>. Because the software is widely used, the footprint of the vulnerable features is quite large.<\/p>\n<p>&#8220;[V]ulnerabilities in a component supplier affect many hardware vendors, which in turn can pass on to many cloud services,&#8221; Eclypsium stated in its advisory. &#8220;As such these vulnerabilities can pose a risk to servers and hardware that an organization owns directly as well as the hardware that supports the cloud services that they use.&#8221;<\/p>\n<p>AMI is the latest baseboard management controller (BMC) software maker to have vulnerabilities found in their code. In 2022, Eclypsium also <a href=\"https:\/\/www.darkreading.com\/cloud\/quanta-servers-caught-with-pantsdown-bmc-vuln\" target=\"_blank\" rel=\"noopener\">found vulnerabilities in Quanta Cloud Technology (QCT) servers<\/a> that have found common use by cloud firms. And <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/firmware-weaknesses-can-turn-computer-subsystems-into-trojans\" target=\"_blank\" rel=\"noopener\">previous research by the company<\/a> in 2020 found that the lack of signed firmware in laptops and servers could allow an attacker to install a Trojan horse to remote control the devices.<\/p>\n<h2 class=\"regular-text\">December Flaws Most Serious<\/h2>\n<p>The two latest flaws released on January 30 include two lower severity issues. The first vulnerability (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-26872\" target=\"_blank\" rel=\"noopener\">CVE-2022-26872<\/a>) gives an attacker the ability to reset a password if they can time the attack during a narrow window between when a one-time password is validated and when the new password is sent by the user. In the second security issue (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-40258\" target=\"_blank\" rel=\"noopener\">CVE-2022-40258<\/a>), the password file is hashed with a weak algorithm, Eclypsium stated.<\/p>\n<p>Both issues are less severe than the three vulnerabilities disclosed in December, which include two vulnerabilities \u2014 a dangerous command in the BMC&#8217;s API (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-40259\" target=\"_blank\" rel=\"noopener\">CVE-2022-40259<\/a>) and a default credential (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-40242\" target=\"_blank\" rel=\"noopener\">CVE-2022-40242<\/a>) \u2014 that could allow simple remote code execution, Eclypsium stated in the advisory. The other vulnerability (<a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2022-2827\" target=\"_blank\" rel=\"noopener\">CVE-2022-2827<\/a>) allows an attacker to remotely enumerate usernames via the API.<\/p>\n<p>The Redfish API replaces previous versions of the Intelligent Platform Management Interface (IPMI) in modern data centers, with support from major server vendors and the Open BMC project, according to Eclypsium.<\/p>\n<p>Eclypsium conducted its analysis of the AMI software after the code was leaked to the Internet by a ransomware group. AMI is not thought to be the source of the leaked software code; rather, the code is a result of a third-party vendor being hit by ransomware, Warfield says.<\/p>\n<p>&#8220;What we&#8217;ve discovered back in the summer was that somebody had leaked intellectual property for a bunch of technology companies onto the Internet,&#8221; he says. &#8220;And, as we were digging through it &#8230; trying to figure out what it was and who had it, we came across some of AMI&#8217;s intellectual property. So we kind of started digging into that to see what we could find.&#8221;<\/p>\n<h2 class=\"regular-text\">Patching Rate Unknown<\/h2>\n<p>AMI has issued patched software for all five vulnerabilities, and now the mitigation of the vulnerabilities is in the hands of server makers and their customers.<\/p>\n<p>Already, many vendors \u2014 such as HPE, Intel, and Lenovo \u2014 have issued advisories to their customers. However, patching those servers will be up to the companies who have the servers deployed in their data centers.<\/p>\n<p>Firmware patching tends to happen at a glacial rate, which should be a worry, says Warfield.<\/p>\n<p>&#8220;The tricky part is the the time between the patches coming out and people actually applying them,&#8221; he says. &#8220;BMC is not something with, sort of, a Windows update mechanism, where you can say, &#8216;Oh, I&#8217;ve got 100,000 servers that are affected. Let me just push this out to all of them.'&#8221;<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/firmware-flaws-could-spell-lights-out-for-servers\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Five vulnerabilities in the baseboard management controller (BMC) software used by 15 major vendors could allow remote code execution if attackers gain network access.Read More <a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/firmware-flaws-could-spell-lights-out-for-servers\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-50346","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Firmware Flaws Could Spell &#039;Lights Out&#039; for Servers 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Firmware Flaws Could Spell &#039;Lights Out&#039; for Servers 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-31T22:35:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Firmware Flaws Could Spell &#8216;Lights Out&#8217; for Servers\",\"datePublished\":\"2023-01-31T22:35:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\"},\"wordCount\":857,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\",\"name\":\"Firmware Flaws Could Spell 'Lights Out' for Servers 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg\",\"datePublished\":\"2023-01-31T22:35:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage\",\"url\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg\",\"contentUrl\":\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Firmware Flaws Could Spell &#8216;Lights Out&#8217; for Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Firmware Flaws Could Spell 'Lights Out' for Servers 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/","og_locale":"en_US","og_type":"article","og_title":"Firmware Flaws Could Spell 'Lights Out' for Servers 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-31T22:35:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Firmware Flaws Could Spell &#8216;Lights Out&#8217; for Servers","datePublished":"2023-01-31T22:35:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/"},"wordCount":857,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/","url":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/","name":"Firmware Flaws Could Spell 'Lights Out' for Servers 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg","datePublished":"2023-01-31T22:35:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltb6af53e2fe4ab3c3\/62683f97c4e0fa6a2ac50010\/servers-iac-monsitj-AdobeStock.jpeg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/firmware-flaws-could-spell-lights-out-for-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Firmware Flaws Could Spell &#8216;Lights Out&#8217; for Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50346","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50346"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50346\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50346"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50346"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50346"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}