
CVE-2022-3287: CWE-256 | CWE-552 in fwupd

Medium
Published: Wed Sep 28 2022 (09/28/2022, 19:07:38 UTC)
Source: CVE
Vendor/Project: n/a
Product: fwupd

Description

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file.

AI-Powered Analysis

Last updated: 07/06/2025, 06:26:58 UTC

Technical Analysis

CVE-2022-3287 is a medium-severity vulnerability in fwupd, specifically in its Redfish plugin. fwupd is a Linux daemon used for managing firmware updates on various hardware devices. The vulnerability arises when an OPERATOR user account is created on the Baseboard Management Controller (BMC). During this process, the Redfish plugin auto-generates a password for the OPERATOR account and saves it in the configuration file /etc/fwupd/redfish.conf. Because the file's permissions are not properly restricted, any local user on the system can read it and obtain the OPERATOR account password. The vulnerability is categorized under CWE-256 (Plaintext Storage of a Password) and CWE-552 (Files or Directories Accessible to External Parties). The CVSS 3.1 score is 6.5 (medium), with the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N: exploitable over the network with low attack complexity, requiring low privileges (a user with some access) and no user interaction, with a high confidentiality impact and no impact on integrity or availability. The vulnerability was fixed in fwupd version 1.8.5. No known exploits are reported in the wild. The core issue is the storage of sensitive credentials in a world-readable configuration file, which could allow unauthorized local users to escalate privileges or access management functions on the BMC using the exposed OPERATOR account credentials.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially in environments where fwupd is deployed on servers or critical infrastructure systems that rely on BMCs for remote management. Unauthorized access to the OPERATOR account credentials could allow attackers or malicious insiders to gain elevated access to hardware management interfaces, potentially leading to unauthorized firmware updates, hardware configuration changes, or persistent backdoors at the firmware level. This could compromise the confidentiality of sensitive system management operations and potentially enable further lateral movement within the network. Given that many European enterprises and data centers rely on Linux-based systems and BMCs for server management, the exposure of these credentials could undermine the security of critical infrastructure and enterprise IT environments. The vulnerability does not directly impact system integrity or availability, but the confidentiality breach could facilitate more severe attacks if combined with other vulnerabilities or insider threats.

Mitigation Recommendations

European organizations should ensure that fwupd is updated to version 1.8.5 or later, where this vulnerability is patched. In addition, organizations should audit the permissions of /etc/fwupd/redfish.conf and restrict read access to privileged users only (e.g., root or the fwupd service account). Enforcing strict read permissions on sensitive configuration files through mandatory access controls such as SELinux or AppArmor policies is recommended. Organizations should also monitor for unauthorized access attempts to BMC interfaces and review logs for suspicious activity related to OPERATOR account usage. Where possible, disable or limit the creation of OPERATOR accounts unless absolutely necessary. Employ network segmentation to restrict access to BMC management interfaces to trusted administrative hosts only. Finally, conduct regular security assessments and penetration tests focusing on firmware management and BMC security to detect potential exploitation attempts early.
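The two host-level checks above (patched fwupd version, restrictive permissions on the Redfish configuration file) as a small audit script. This is an added example, not code from the advisory or from the fwupd project; it treats any group or other permission bit on redfish.conf as a finding, and the fwupd version is passed in by the caller rather than parsed from tool output.

```shell
#!/bin/sh
# Added defender-side example (not from the advisory or the fwupd project):
# flag hosts exposed to CVE-2022-3287 by checking the installed fwupd version
# against the fixed release 1.8.5 and the permissions of redfish.conf.

FIXED_VERSION=1.8.5
REDFISH_CONF=/etc/fwupd/redfish.conf

# version_ge A B: return 0 when dotted version A >= B, 1 otherwise.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, "."); k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# conf_private FILE: 0 when only the owner has any permission bit (e.g. 0600),
# 1 when group or other can access it, 2 when FILE is missing.
conf_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c1-10)   # e.g. "-rw-------"; no GNU stat needed
    case $perms in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_host VERSION [FILE]: print findings; return 0 only when fwupd is
# fixed and the config file cannot leak the BMC password to other users.
# VERSION is the installed fwupd version (see `fwupdmgr --version`).
audit_host() {
    ver=$1; conf=${2:-$REDFISH_CONF}; rc=0
    if version_ge "$ver" "$FIXED_VERSION"; then
        echo "ok: fwupd $ver includes the fix (>= $FIXED_VERSION)"
    else
        echo "finding: fwupd $ver predates $FIXED_VERSION; upgrade"; rc=1
    fi
    st=0; conf_private "$conf" || st=$?
    case $st in
        0) echo "ok: $conf is accessible by its owner only" ;;
        1) echo "finding: $conf readable by others; chmod 0600 $conf"; rc=1 ;;
        2) echo "info: $conf absent (Redfish plugin not configured)" ;;
    esac
    return $rc
}
```

On a live host, source the script and call audit_host with the version reported by fwupdmgr --version; the second argument defaults to /etc/fwupd/redfish.conf.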


Technical Details

Data Version: 5.1
Assigner Short Name: redhat
Date Reserved: 2022-09-23T00:00:00.000Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682ce4114d7c5ea9f4b39351

Added to database: 5/20/2025, 8:20:33 PM

Last enriched: 7/6/2025, 6:26:58 AM

Last updated: 7/29/2025, 2:13:10 AM
