Summary: A critical vulnerability in AMI's baseboard management controller (BMC) firmware, tracked as CVE-2024-54085, could enable remote attacks on millions of devices. This flaw may allow authentication bypass and presents significant risks, including the potential for malicious code deployment and physical damage. AMI and several OEMs have begun issuing advisories and patches in response to the threat.
Affected: AMI BMC firmware used by various manufacturers including HPE, Asus, Lenovo, Dell, and others.
Key points:
- A new vulnerability CVE-2024-54085 could expose devices to remote attacks.
- This vulnerability may allow attackers to bypass authentication and remotely control affected machines.
- Over 1,000 vulnerable MegaRAC instances have been identified, with potentially more at risk in local or network attack scenarios.
Source: https://www.securityweek.com/critical-ami-bmc-vulnerability-exposes-servers-to-disruption-takeover/