

Ethical Hacking News

CISA Warns of Critical AMI MegaRAC Vulnerability Exploited in Attacks



CISA has confirmed that a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks, posing significant risks to the federal enterprise and other organizations. The vulnerability can be exploited by remote unauthenticated attackers to hijack and potentially brick unpatched servers. Read more about this critical security flaw and what organizations can do to patch and mitigate its impact.

  • CISA has confirmed a maximum severity vulnerability in AMI's MegaRAC BMC software, tracked as CVE-2024-54085, is actively exploited in attacks.
  • The vulnerability poses significant risks to the federal enterprise and other organizations that rely on AMI's BMC software.
  • Authentication bypass security flaw allows remote unauthenticated attackers to hijack servers without user interaction.
  • Exploitation of this vulnerability can lead to server control, malware deployment, firmware tampering, and potential physical damage.
  • CISA has added the vulnerability to the Known Exploited Vulnerabilities catalog and urges patching as soon as possible.



    CISA has confirmed that a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software is now actively exploited in attacks. This critical security flaw, tracked as CVE-2024-54085, poses significant risks to the federal enterprise and other organizations that rely on AMI's BMC software.

    The MegaRAC BMC firmware provides remote system management capabilities for troubleshooting servers without being physically present, and it is used by several vendors, including HPE, Asus, and ASRock, that supply equipment to cloud service providers and data centers. The authentication bypass security flaw can be exploited by remote unauthenticated attackers in low-complexity attacks that do not require user interaction to hijack and potentially brick unpatched servers.

    "Exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard components (BMC or potentially BIOS/UEFI), potential server physical damage (over-voltage / bricking), and indefinite reboot loops that a victim cannot stop," explained Eclypsium, the supply chain security company that discovered the vulnerability.

    Eclypsium researchers discovered CVE-2024-54085 while analyzing the patches AMI issued for an earlier authentication bypass bug (CVE-2023-34329) disclosed in July 2023. In March, when AMI released security updates to fix CVE-2024-54085, Eclypsium found more than 1,000 servers online that were potentially exposed to attacks and stated that creating an exploit is "not challenging," because MegaRAC BMC firmware binaries are not encrypted and can be analyzed directly.
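    Finding the BMCs that need this firmware update is the practical first step, and the fastest way to inventory them is the Redfish management API that MegaRAC-based BMCs expose. The script below is an added example, not code from the article, from AMI or from Eclypsium: it reads the Redfish Manager resource, flags units that identify themselves as MegaRAC, and compares their firmware version against an operator-supplied minimum. The Redfish field names, the vendor-string heuristic, the sample JSON and the placeholder host and credentials are assumptions; the fixed firmware version for any given server must come from that OEM's advisory, since AMI ships the fix to OEMs rather than directly to end users.

```python
"""Inventory Redfish-managed BMCs and flag AMI MegaRAC units whose firmware
predates an operator-supplied minimum version.

Added example; not code from the article, AMI or Eclypsium. Assumes the BMC
serves the DMTF Redfish API at /redfish/v1 and that its Manager resource
carries Manufacturer/Model/Description/FirmwareVersion fields, as most OEM
builds do. The minimum version is deliberately NOT hard-coded: take it from
the OEM advisory for CVE-2024-54085 for each server model.
"""
import base64
import json
import re
import ssl
import urllib.request


def version_key(version):
    """'2.10.1' or 'v1.13 build 7' -> (2, 10, 1) / (1, 13, 7) for comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", version or ""))


def is_megarac(manager):
    """Heuristic: OEMs usually leave 'MegaRAC' or 'AMI' in one of these fields."""
    text = " ".join(str(manager.get(k) or "") for k in
                    ("Manufacturer", "Model", "Description", "Name"))
    vendor = str(manager.get("Manufacturer") or "").strip().upper()
    return "megarac" in text.lower() or vendor == "AMI"


def assess_manager(manager, min_version=None):
    """Return a finding for one Redfish Manager resource.

    needs_review is True for any MegaRAC BMC whose firmware is missing,
    unparsable, or older than min_version; with min_version=None every
    MegaRAC unit is flagged so an operator can check it against the advisory.
    """
    fw = str(manager.get("FirmwareVersion") or "")
    finding = {
        "id": manager.get("Id"),
        "vendor": str(manager.get("Manufacturer") or ""),
        "firmware": fw,
        "megarac": is_megarac(manager),
        "needs_review": False,
    }
    if finding["megarac"]:
        if min_version is None or not version_key(fw):
            finding["needs_review"] = True
        else:
            finding["needs_review"] = version_key(fw) < version_key(min_version)
    return finding


def triage(managers, min_version=None):
    """Assess a list of Manager resources (e.g. collected from many hosts)."""
    return [assess_manager(m, min_version) for m in managers]


def fetch_manager(host, user, password, manager_id="1"):
    """Pull /redfish/v1/Managers/<id> over HTTPS with Basic auth.

    BMCs almost always ship self-signed certificates, so verification is
    disabled here; run this only from the isolated management network, never
    across the internet. Host and credentials are placeholders.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"https://{host}/redfish/v1/Managers/{manager_id}",
        headers={"Authorization": f"Basic {token}", "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.load(resp)


# Constructed sample Manager resources standing in for live Redfish responses.
SAMPLE_MANAGERS = [
    {"Id": "1", "Manufacturer": "AMI", "Model": "MegaRAC SP-X",
     "FirmwareVersion": "1.13"},
    {"Id": "bmc", "Manufacturer": "ExampleOEM", "Model": "ExampleOEM Server BMC",
     "Description": "MegaRAC based BMC", "FirmwareVersion": "2.20.0"},
    {"Id": "ctrl0", "Manufacturer": "OtherVendor", "Model": "ProprietaryBMC",
     "FirmwareVersion": "7.00"},
]

if __name__ == "__main__":
    # "2.0" is a made-up threshold; substitute the OEM's fixed version.
    for f in triage(SAMPLE_MANAGERS, min_version="2.0"):
        print(f)
```

    In practice you would call fetch_manager for every BMC address in your management VLAN, feed the results to triage with the per-model fixed version from the vendor advisory, and pair the resulting list with a firewall review: any MegaRAC BMC that is reachable from outside the management network should be isolated before it is patched, not after.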

    According to CISA, the vulnerability only affects AMI's BMC software stack. However, since AMI is at the top of the BIOS supply chain, the downstream impact affects over a dozen manufacturers. The cybersecurity agency has confirmed that the vulnerability is now actively exploited in attacks and added it to the Known Exploited Vulnerabilities catalog.

    As mandated by the November 2021 Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies have three weeks, until July 16, 2025, to patch their servers against these ongoing attacks. Although BOD 22-01 only applies to federal agencies, all network defenders are advised to prioritize patching this vulnerability as soon as possible to block potential breaches.

    "These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned.

    The discovery of CVE-2024-54085 highlights the importance of timely patching in critical infrastructure and at cloud service providers, and the 1,000-plus potentially exposed servers Eclypsium found show how much of this attack surface sits directly on the network. Because AMI ships MegaRAC to server manufacturers rather than to end users, the fix arrives as a BMC firmware update from each vendor, so the first step is to inventory which servers run a MegaRAC-based BMC and check the corresponding vendor advisory for the fixed firmware version. Until that firmware is applied, the interim mitigation is the standard one for BMCs: keep management interfaces off the internet and on an isolated management network, and treat any BMC that has been reachable from untrusted networks as potentially compromised, since firmware tampering by an attacker with BMC control persists independently of the host operating system and is not undone by reinstalling it.

    In recent years, CISA has been actively warning about vulnerabilities in widely deployed products, and a KEV addition is now a routine signal that a flaw is being used in the wild. CVE-2024-54085 is a reminder that vulnerability management has to cover firmware and out-of-band management interfaces, not just the host operating system and applications, and that the exploitation already under way makes this a patch-now rather than a patch-next-cycle item.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/CISA-Warns-of-Critical-AMI-MegaRAC-Vulnerability-Exploited-in-Attacks-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/


  • Published: Thu Jun 26 04:53:34 2025 by llama3.2 3B Q4_K_M
    © Ethical Hacking News . All rights reserved.
