Is it me?
Or does there seem an awful lot of potential attack vectors in all of these layers?
Firstly, ILO, (on HPE servers, HPE's management system) which I've never found particular robust or stable or easy to manage. Maybe the result of the Active Health Management System that excessively wrote to the 4M flash storage and caused premature hardware failure of HP Server's on-board flash storage.
HPE have not helped, they have consistently just batted away the issue (their support is a minefield to navigate, as is updating ILO, formatting it via scripting (not that easy), even just following the advisories etc. Hours upon hours to nothing. The biggest bugbear with so many failed servers due to ILO, was it was initially impossible to update the system ROMPaq on devices out of 1yr warranty, you had to pay to get access to that update.
Only once the issue was identified by HPE, were fixes made available, several years into the problem, long after the flash memory had been damaged beyond repair for most users. The fixes, that have been put out there, seem superficial 'made to look like they work, but don't', HP added "Format Flash" option, (a botch if there ever was) within ILO interface that just doesn't work (yet to find a machine that it did with the affected fault). Fundamentally, it doesn't solve the issue of the hardware onboard flash storage being excessively written by the Health Management System Engine and damaged beyond repair.
Then there is the underlying iffy Intel Linux based management engine, that in effect works across core network and outer RAN designs. Newer Intel chips having a new Linux based sub-system, that seems, could work across core networks, by getting under the radar.
If Government or others, want to write a complete spying sorry 'security' engine to sit on top of a forked/customised OpenRAN implementation, there really isn't much stopping them with this hardware, it's not that the Qualcomm hardware has holes 'as such' (too early to tell), it just has all the acceleration features to enable holes via customised software. The edge cards seem even sold, going by the blurb, with such marketing, incorporated into those Qualcomm Edge Cards, for on-the-fly decryption.
Maybe it is me, but there seem an awful lot of potential attack vectors here in these products, and HP's ILO, really doesn't help things. Dell seem to re-use rebadged Qualcomm cards, from the information on the Qualcomm site.
I suppose the only way we'll find out, is the hard way.