Summary: A critical vulnerability identified as CVE-2024-54085 in AMI’s MegaRAC BMC software poses a severe risk, allowing attackers to bypass authentication and execute damaging actions remotely. The flaw has a CVSS score of 10.0 and allows for the potential for malware deployment, server manipulation, and indefinite device downtimes. AMI has provided patches to address the vulnerability, and downstream users are urged to update their systems accordingly.
Affected: AMI MegaRAC BMC software, HPE Cray XD670, Asus RS720A-E11-RS24U, ASRockRack
Keypoints :
- A vulnerability in the MegaRAC BMC software allows local or remote attackers to bypass authentication.
- The exploitation can lead to server control, remote malware deployment, and system disruptions.
- Patches are available, but implementation requires device downtime, impacting numerous manufacturers due to AMI’s position in the BIOS supply chain.
Source: https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html