Summary: A critical vulnerability (CVE-2024-54085) in American Megatrends International’s MegaRAC Baseboard Management Controller (BMC) software could allow remote attackers to take control of and damage servers without user interaction. This flaw affects a variety of server vendors, putting many cloud service and data center providers at risk. Security researchers recommend that affected organizations apply patches immediately to mitigate this risk.
Affected: American Megatrends International (AMI) and various server vendors including HPE, Asus, and ASRock.
Key points:
- Vulnerability allows remote unauthenticated access, potentially leading to server hijacking and physical damage.
- Over 1,000 servers are exposed to the Internet and susceptible to this vulnerability.
- Immediate patching is essential to protect affected systems from exploitation.