Critical AMI-BMC vulnerability CVE-2024-54085 allows server takeover

Brief warning for administrators who run servers with an AMI MegaRAC BMC. AMI published a security advisory on March 11, 2025 for the critical vulnerability CVE-2024-54085 (CVSS v4 score 10.0), which reportedly allows a remote takeover of the server, or even "bricking" it.



I became aware of the issue with the vulnerability CVE-2024-54085 via the following tweet. The Hacker News has taken up the topic in this article.

AMI-BMC Vulnerability

The BIOS/UEFI developer AMI warns of a vulnerability in its MegaRAC BMC firmware. The flaw in the AMI MegaRAC SPx firmware allows a remote attacker to bypass BMC authentication via the Redfish host interface. Successful exploitation can lead to a loss of confidentiality, integrity and/or availability. Since AMI supplies MegaRAC to server OEMs, fixed firmware builds are delivered through the respective hardware vendor. Eclypsium has published more details in this article and lists affected devices.


