A new vulnerability dubbed Cloudborne can allow attackers to implant backdoor implants in the firmware or BMC of bare metal servers that survive client reassignment in bare metal and general cloud services, leading to a variety of attack scenarios.
Organizations deploying critical high-value apps on bare metal servers through Infrastructure as a Service (IaaS) offerings consider it the best alternative to buying their own hardware because this allows for easy and quick scaling of cloud-based applications without the need of sharing the hardware with other users.
While this generally means that an organization's critical apps are always running on dedicated servers, the fact that those servers are reclaimed and re-assigned once the client no longer needs them exposes them to firmware weaknesses and vulnerabilities that can persist between customer assignments.
Full Article.