Security researchers have identified a critical vulnerability in AMI’s MegaRAC software, tracked as CVE-2024-54085. The flaw allows attackers to remotely bypass authentication, threatening the integrity of a wide array of data center equipment and servers and potentially jeopardizing the security of cloud infrastructures globally. The vulnerability was found in the Redfish interface and affects a range of servers, such as the HPE Cray XD670 and Asus RS720A-E11-RS24U. Estimates suggest that around 1,000 vulnerable instances are exposed on the public internet. The vulnerability has severe consequences: it enables attackers to commandeer servers, install malicious software, interfere with hardware, and take other destabilizing actions, leading to significant operational disruption and potential data loss for affected organizations.
Source: https://cybersecuritynews.com/critical-ami-bmc-vulnerability/
"id": "ami444032025",
"linkid": "ami",
"type": "Vulnerability",
"date": "3/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"