The US Cybersecurity and Infrastructure Security Agency (CISA) warns of a severe vulnerability (CVE-2024-54085) in AMI MegaRAC firmware, affecting major server manufacturers. This high-severity exploit allows hackers to gain unauthorized access and manage servers remotely. Found by Eclypsium, the vulnerability enables attackers to bypass authentication via simple web requests to baseboard management controllers (BMCs). If exploited, attackers could create admin accounts without credentials, potentially leading to broader network compromises by chaining multiple exploits. Administrators are urged to secure vulnerable BMCs to prevent such attacks.
Hackers are exploiting a maximum-severity vulnerability that has the potential to give them complete control over thousands of servers, many of which handle mission-critical tasks inside data centers.
CVE-2024-54085 allows for authentication bypasses by making a simple web request to a vulnerable BMC device over HTTP, permitting attackers to create an admin account without authentication.
The vulnerability resides in the AMI MegaRAC, a widely used firmware package that allows large fleets of servers to be remotely accessed and managed even when power is unavailable.
The potential impact of this vulnerability is severe, as a successful compromise of a single BMC can pivot attacks into internal networks, compromising all other BMCs.
Collection
[
|
...
]