AMI Releases Updates to Address Vulnerabilities in SPx, AptioV and EDK2

Summary: AMI has issued security advisories regarding several vulnerabilities in its BIOS and BMC firmware, with potential impacts including arbitrary code execution and denial of service. Among these, CVE-2024-54085 poses the most significant risk, allowing remote authentication bypass with a critical CVSS score of 10. Users are urged to update their systems to the latest firmware versions to mitigate these risks.

Affected: AMI firmware and BMC software

Key points:

  • Critical vulnerability CVE-2024-54085 allows remote attackers to bypass authentication, risking complete system compromise.
  • Vulnerability CVE-2024-54084 in AptioV BIOS could lead to arbitrary code execution through a race condition.
  • EDK2 vulnerability, CVE-2024-12546, could be exploited to cause denial of service due to an integer overflow.
  • AMI recommends users update to version BKC_5.38 for AptioV and EDK2, and versions SPx_12.7+ or SPx_13.5 for SPx BMC vulnerabilities.

Source: https://securityonline.info/cve-2024-54085-ami-spx-vulnerability-scores-critical-cvss-10/