Identifying Vulnerable Boa Web Servers

8 February 2023

1 min Read

Lauren Palmer

Create free account

Understand your cyber risks. Get started today with a free account:

Create a free account

The Boa web server - what is it?

The Boa Web Server was discontinued in 2005, but was a popular web server embedded in IoT devices to access configuration settings.

Why should we be concerned?

Microsoft recently did a survey (Vulnerable SDK components lead to supply chain risks in IoT and OT environments) and found over 1 million Boa web servers exposed on the internet. This is even more concerning given Boa has vulnerabilities that won’t be patched, including:

CVE-2022-45956 - Attackers can bypass authentication
CVE-2018-21028 - Attackers can trigger a memory leak

The CVE Program is maintained by the MITRE corporation and sponsored by the U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). The CVE List is a list of publicly disclosed cyber security vulnerabilities and exposures that is free to search, use, and incorporate into products and services. - Mitre

TechCrunch highlighted in a November 2022 article that supply chains are at risk because of IoT Devices running Boa Web Server, which could leave Critical National Infrastructure open to attacks.

Don’t worry - use FractalScan Surface to manage your attack surface

FractalScan Surface now identifies Boa Web Servers when it scans your online attack surface and will alert you to any risks it finds.

Boa Web Server Component in FractalScan

About Lauren Palmer

Lauren is a Software Engineer with 5 years of experience problem solving and developing solutions for customers. Her skill set ranges from digital signal processing to web development. At Red Maple Lauren has been focused on the development of products to protect companies from cyber threats.

Understand your cyber risks. Get started with a free account and scan your business today:

Get started

REVIEWS

What our customers think

Ken Shannon

Haas Automation

"FractalScan Surface is an impressive tool that we use to monitor our external cyber risks and those of our dealers worldwide. We've even used it to perform due diligence security checks on third-party suppliers. I appreciate the easy-to-understand summary views, and my team likes that the daily scans automatically reflect their ongoing risk mitigation efforts. I'd really encourage other companies to use this tool and start tracking their cyber risks."

Robin Craib

VTS

"FractalScan's capability to mark domains hosted on shared cloud services gives us the ability to remove risks associated with IP addresses which are not part of our infrastructure, allowing us to focus our resources. The consultancy we've had from the professional services team at Red Maple Technologies confirms the credibility and background of the team building FractalScan. I'm excited to see what's coming next for FractalScan."

CIO

Formula 1

"FractalScan Surface has been great for discovering our online-visible assets and exposures, allowing us to make some immediate improvements to reduce our cyber risk." Daily scanning enables us to keep on top of our external attack surface, which is particularly important to us since we have complex digital content output. FractalScan gives us the view on our data we didn't have."

Andy K.

Financial Services

"Simplicity - give it a domain and it will find out what it can about subdomains, related domains and any issues it identifies with them. We may not be privy to sites or subdomains other parts of the business may implement. FractalScan gives us a discovery tool to identify previously unknown public infrastructure, we can reduce our external attack surface by identifying and resolving issues and getting "old" public infrastructure decommissioned."

Tim N.

Information Technology and Services

"What I appreciate the most about FractalScan is the level of accuracy this platform provides while maintaining a passive approach to data collection. As someone who works in technical sales and consulting, I have a lot of clients working with products in this space. The common problem is the overwhelming amount of results and the operational overhead required to make those results actionable. FractalScan's unique solution provides results that are immediately accurate and actionable."

Jason C.

Financial Services

"FractalScan Surface provides a compact and concise overview of vulnerabilities that have been identified on our assets. It is important for teams to be able to understand the issue, prioritise remediation activities and focus on removing vulnerabilities from our estate....this tool enables all of this and has proven to find vulnerabilities that other tools do not."

Jack S.

Information Technology and Services

"FractalScan Surface delivers an exceptional experience, principally by enhancing our understanding of customers' digital assets. The platform's intuitive interface facilitates a user-friendly experience that our team appreciates. This, in turn, allows us to proactively identify vulnerabilities and address them before they escalate. We've found the platform to be markedly superior to its market counterparts in terms of capability and efficiency. Integration into our existing business processes was seamless, minimising any potential operational interruptions."