Cyber Security News

Severe AMI BMC Vulnerability Enables Remote Authentication Bypass by Attackers

A critical vulnerability has been discovered in AMI’s MegaRAC software, which is used in Baseboard Management Controllers (BMCs) across various server hardware.

This vulnerability, identified as CVE-2024-54085, allows attackers to bypass authentication remotely, posing a significant risk to cloud infrastructure and data centers worldwide.

The issue is a continuation of previous vulnerabilities disclosed by Eclypsium, highlighting the ongoing challenges in securing BMCs, which are crucial for remote server management.

Background

The vulnerability exploits a weakness in the Redfish interface of MegaRAC, allowing unauthorized access to BMCs.

This can lead to severe consequences, including remote control of compromised servers, deployment of malware or ransomware, firmware tampering, and even physical damage to server components.

The vulnerability affects several devices, including the HPE Cray XD670 and Asus RS720A-E11-RS24U, with potentially more devices impacted due to the widespread use of AMI’s BMC software across multiple manufacturers.

A search using Shodan revealed approximately 1,000 exposed instances, indicating a substantial risk if these systems are not patched promptly.

Impact

The exploitation mechanism involves crafting specific HTTP headers to bypass authentication checks.

By manipulating the “X-Server-Addr” header, attackers can trick the system into accepting unauthorized access.

This vulnerability is particularly concerning because it can be exploited without any user interaction, and the CVSS scores reflect its high severity, with a score of 10.0 for systems exposed to the internet.

AMI has released patches for the vulnerability, but applying these fixes requires device downtime, making remediation a complex process.

Organizations are advised to ensure that all remote management interfaces are not exposed externally and to restrict internal access to authorized personnel.

Regular software and firmware updates are crucial, along with monitoring server firmware for signs of compromise.

Additionally, new equipment should be thoroughly checked for outdated firmware and potential supply chain risks.

Eclypsium’s research emphasizes the importance of robust security measures for BMCs, given their critical role in data center operations.

As no known exploits are currently observed in the wild, organizations have a window to secure their systems before potential attacks occur.

However, the ease of creating exploits once the vulnerability is understood underscores the urgency of implementing patches and security best practices.

Are you from SOC/DFIR Teams? – Analyse Malware Incidents & get live Access with ANY.RUN -> Start Now for Free. 

Aman Mishra

Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Recent Posts

Gunra Ransomware’s Double‑Extortion Playbook and Global Impact

Gunra Ransomware, has surfaced as a formidable threat in April 2025, targeting Windows systems across…

5 hours ago

Hackers Exploit 21 Apps to Take Full Control of E-Commerce Servers

Cybersecurity firm Sansec has uncovered a sophisticated supply chain attack that has compromised 21 popular…

5 hours ago

Hackers Target HR Departments With Fake Resumes to Spread More_eggs Malware

The financially motivated threat group Venom Spider, also tracked as TA4557, has shifted its focus…

5 hours ago

RomCom RAT Targets UK Organizations Through Compromised Customer Feedback Portals

The Russian-based threat group RomCom, also known as Storm-0978, Tropical Scorpius, and Void Rabisu, has…

6 hours ago

Hackers Use Pahalgam Attack-Themed Decoys to Target Indian Government Officials

The Seqrite Labs APT team has uncovered a sophisticated cyber campaign by the Pakistan-linked Transparent…

6 hours ago

LUMMAC.V2 Stealer Uses ClickFix Technique to Deceive Users into Executing Malicious Commands

The LUMMAC.V2 infostealer malware, also known as Lumma or Lummastealer, has emerged as a significant…

6 hours ago