Summary: A critical vulnerability, CVE-2024-540385, affects HPE Cray XD670 servers whose AMI baseboard management controller (BMC) exposes the Redfish API. It allows a remote attacker without valid credentials to bypass authentication, and it carries a CVSS score of 10.0. The impact is unauthorized access to the BMC, the out-of-band controller that manages the server independently of the host operating system. HPE has released BMC firmware version 1.19, which fixes the issue; administrators are urged to update promptly and, until they do, to keep BMC network interfaces reachable only from an isolated management network.
Affected: HPE Cray XD670 servers (prior to BMC v1.19)
Key points:
- CVE-2024-540385 allows a remote attacker to bypass authentication on the AMI BMC Redfish API.
- A successful attacker gains complete control of the BMC and therefore of the server's management capabilities.
- HPE has released BMC firmware version 1.19; administrators are advised to upgrade without delay and to verify the installed version on every XD670 BMC.
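The fix is a firmware version threshold, so the practical check is an inventory pass over every XD670 BMC that flags anything reporting firmware older than 1.19. The script below is an added example written for this page, not tooling from HPE or AMI. It assumes the BMC exposes the standard Redfish Manager resource with its FirmwareVersion property, that the manager lives at the assumed path /redfish/v1/Managers/Self (enumerate /redfish/v1/Managers on a real host to confirm), and that the version is reported as a dotted string such as "1.18"; the sample responses at the bottom are constructed. The comparison is done on integer tuples rather than strings, because a plain string compare ranks "1.9" above "1.19" and would wrongly mark an unpatched 1.9 BMC as safe.

```python
"""Inventory check: flag HPE Cray XD670 BMCs whose firmware predates v1.19.

Added example, not HPE's or AMI's own tooling. Assumes the BMC exposes the
standard Redfish Manager resource (FirmwareVersion property) and reports a
dotted version such as "1.18" or "1.19.0". The manager URI and the sample
responses below are constructed for illustration.
"""
import json
import re
import ssl
import urllib.request
from base64 import b64encode

FIXED_VERSION = "1.19"
# Assumed path; list /redfish/v1/Managers on a live BMC to confirm the member name.
MANAGER_PATH = "/redfish/v1/Managers/Self"


def parse_version(text):
    """Return a comparable tuple of ints from a dotted version string.

    Surrounding noise ("v1.19", "1.19 (build 7)") is tolerated; the first
    dotted numeric run wins. Raises ValueError if no version is present.
    """
    m = re.search(r"\d+(?:\.\d+)*", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    return tuple(int(p) for p in m.group(0).split("."))


def is_vulnerable(firmware_version, fixed=FIXED_VERSION):
    """True if the reported firmware is older than the fixed release.

    Tuple comparison avoids the string trap: "1.9" < "1.19" is False as
    strings but True numerically, which is the ordering that matters here.
    """
    return parse_version(firmware_version) < parse_version(fixed)


def assess_manager(manager_json):
    """Summarise one parsed Redfish Manager resource for the report.

    'vulnerable' is None when the BMC did not report a firmware version, so
    an empty field is surfaced as unknown rather than silently treated as safe.
    """
    fw = manager_json.get("FirmwareVersion", "")
    return {
        "id": manager_json.get("Id", "?"),
        "model": manager_json.get("Model", "?"),
        "firmware": fw,
        "vulnerable": is_vulnerable(fw) if fw else None,
    }


def fetch_manager(base_url, username, password, path=MANAGER_PATH, verify_tls=True):
    """GET the Manager resource over HTTPS with Basic auth and return parsed JSON.

    verify_tls=False is only for BMCs still using a self-signed certificate;
    the better fix is to install the BMC certificate in your trust store.
    """
    req = urllib.request.Request(base_url.rstrip("/") + path)
    token = b64encode(f"{username}:{password}".encode()).decode()
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Accept", "application/json")
    ctx = ssl.create_default_context()
    if not verify_tls:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx, timeout=15) as resp:
        return json.load(resp)


# Constructed sample responses standing in for live BMCs.
SAMPLE_MANAGERS = [
    {"Id": "Self", "Model": "XD670 BMC", "FirmwareVersion": "1.18"},
    {"Id": "Self", "Model": "XD670 BMC", "FirmwareVersion": "1.19"},
    {"Id": "Self", "Model": "XD670 BMC"},  # no version reported
]

if __name__ == "__main__":
    # For live hosts: assess_manager(fetch_manager("https://bmc-host", user, pw))
    for m in SAMPLE_MANAGERS:
        print(assess_manager(m))
```

Run it against your asset list rather than a single host, and treat an unknown result as a host to inspect by hand. A version check only tells you whether the patch is installed; it says nothing about whether the BMC was reached before the update, so exposed BMCs also warrant a look at their event logs and configured accounts.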