A serious flaw has been identified in several computers, and it will never be corrected
A serious vulnerability that went unidentified for five years affects devices from Lenovo and Intel.
Unfortunately, it will now remain uncorrected.
A cybersecurity firm, Binarly, has revealed an unpatched vulnerability in the firmware of some older Lenovo and Intel devices, potentially allowing hackers to compromise these machines.
The problem is that support for these older devices has ended, so the manufacturers will not release any patches for the vulnerability. The flaw is located in Lighttpd, an open-source web server that may not be widely recognized but is used in a variety of technology products, including firmware components.
This vulnerability in Lighttpd, which allows remote exploitation, was discovered in 2018. It could enable cybercriminals to access critical security information.
Although the developers of Lighttpd discreetly fixed the vulnerability in their code, they did not issue a CVE identifier for it, which would have allowed companies using Lighttpd in their products to patch the vulnerability. This is critical because Lighttpd is used in products for which American Megatrends International provides the firmware, as noted by Ars Technica.
The fix for this flaw will never reach certain hardware, since the official support cycle for most of these devices has already ended.
While the report did not specify the affected devices, this case highlights the risks associated with using outdated, unsupported devices and the significant gap created when manufacturers quickly phase out support for their previous products.
Even if the current vulnerability does not by itself pose a serious threat, it could be the first step towards launching a more severe attack.