CVE-2024-21935
📋 TL;DR
This vulnerability allows attackers with existing Redfish API access to manipulate commands and delete files from the local root directory on AMD Satellite Management Controller systems. This could lead to data corruption or system instability. Only systems with AMD SMC and Redfish API access are affected.
💻 Affected Systems
- AMD Satellite Management Controller (SMC)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Critical system files are deleted, causing complete system failure, data loss, and requiring full system restoration.
Likely Case
Selective file deletion causing service disruption, configuration loss, or partial data corruption requiring manual recovery.
If Mitigated
Limited impact due to restricted Redfish API access, with only non-critical files potentially affected.
🎯 Exploit Status
Requires authenticated access to Redfish API and knowledge of specific command manipulation techniques
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check AMD-SB-6016 for specific patched firmware versions
Vendor Advisory: https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6016.html
Restart Required: No
Instructions:
1. Review AMD-SB-6016 advisory
2. Download appropriate SMC firmware update
3. Apply update via SMC management interface
4. Verify update completion
🔧 Temporary Workarounds
Restrict Redfish API Access
Limit Redfish API access to trusted management networks and authorized users only
Configure network ACLs to restrict SMC Redfish API endpoints
Implement strong authentication for Redfish access
Disable Unnecessary Redfish Features
Disable Redfish file manipulation capabilities if not required for operations
Review and disable unnecessary Redfish service extensions in SMC configuration
🧯 If You Can't Patch
- Implement strict network segmentation to isolate SMC management interfaces
- Enforce least privilege access controls for Redfish API users
🔍 How to Verify
Check if Vulnerable:
Check SMC firmware version against affected versions listed in AMD-SB-6016 advisory
Check Version:
Check via SMC web interface or Redfish API: GET /redfish/v1/Managers/SMC
Verify Fix Applied:
Verify SMC firmware version matches patched version from AMD-SB-6016
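The version check described above, as an added example (not AMD's or this site's code): it reads the `FirmwareVersion` property from the Redfish Manager resource and compares it numerically with the patched version, flagging anything it cannot parse for manual review. `FIXED_VERSION` is a placeholder to be replaced from AMD-SB-6016, the dotted-integer version format is an assumption, and the sample responses and host names are constructed.

```python
import json
import re

# PLACEHOLDER, not a real value: substitute the patched SMC firmware
# version published in AMD-SB-6016 before relying on this check.
FIXED_VERSION = "9.9.9"

def parse_version(text):
    """Dotted numeric version -> tuple of ints, or None if unparsable."""
    # Assumption: versions are dotted integers with an optional leading 'v'.
    if not isinstance(text, str):
        return None
    m = re.fullmatch(r"v?(\d+(?:\.\d+)*)", text.strip())
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(manager_body, fixed=FIXED_VERSION):
    """Classify one Redfish Manager resource (JSON text) against the fix."""
    try:
        doc = json.loads(manager_body)
    except json.JSONDecodeError:
        return "unknown"
    if not isinstance(doc, dict):
        return "unknown"
    have = parse_version(doc.get("FirmwareVersion"))
    want = parse_version(fixed)
    if have is None or want is None:
        return "unknown"  # missing or odd version string: review by hand
    # Pad with zeros so 9.9.9 and 9.9.9.0 compare equal.
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    return "patched" if have >= want else "needs-update"

# Constructed sample bodies for GET /redfish/v1/Managers/SMC (not real output).
SAMPLES = {
    "smc-a": '{"Id": "SMC", "FirmwareVersion": "9.10.0"}',
    "smc-b": '{"Id": "SMC", "FirmwareVersion": "v9.9.9.0"}',
    "smc-c": '{"Id": "SMC", "FirmwareVersion": "9.2.14"}',
    "smc-d": '{"Id": "SMC"}',
    "smc-e": '{"Id": "SMC", "FirmwareVersion": "dev-build"}',
}

def audit(samples=SAMPLES, fixed=FIXED_VERSION):
    return {host: classify(body, fixed) for host, body in samples.items()}

if __name__ == "__main__":
    for host, status in audit().items():
        print(f"{host}: {status}")
```

The numeric comparison matters: a plain string comparison would rank 9.10.0 below 9.9.9 and report a patched controller as needing an update.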
📡 Detection & Monitoring
Log Indicators:
- Unusual Redfish API file deletion commands
- Multiple failed file manipulation attempts
- SMC system log entries indicating file removal
Network Indicators:
- Suspicious Redfish API POST/PATCH requests to file-related endpoints
- Unusual traffic patterns to SMC management interface
SIEM Query:
source="smc_logs" AND (event="file_deletion" OR command="delete_file")