A severe security vulnerability in AMI's MegaRAC BMC software, labeled CVE-2024-54085, has been identified, scoring a CVSS v4 rating of 10.0. This issue allows both local and remote attackers to bypass authentication, which can lead to disastrous consequences such as remote control over servers, deployment of malware, and physical damage to server components. Affected devices include HPE Cray XD670 and ASUS RS720A. While AMI has released patches, users need to ensure they update their systems through OEM vendors, as the patching process requires considerable device downtime.
The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity, allowing attackers to bypass authentication.
Exploitation of this vulnerability allows an attacker to remotely control the compromised server, deploy malware, firmware tampering, and potentially cause physical server damage.
CVE-2024-54085 is the latest in a series of security flaws found in AMI MegaRAC BMCs, which could lead to significant disruption and server downtime.
Patching these vulnerabilities is a non-trivial exercise, requiring device downtime. Users must coordinate with OEMs for updates to safeguard their systems.
Collection
[
|
...
]