Cyberthreat Advisories | 1898 & Co.

Critical Vulnerability in AMI MegaRAC BMC Software: CVE-2024-54085

Written by The 1898 & Co. Team | March 19, 2025

A critical security vulnerability, CVE-2024-54085, has been identified in AMI's MegaRAC Baseboard Management Controller (BMC) software. This vulnerability, with a CVSS v4 score of 10.0, allows attackers to bypass authentication and execute post-exploitation actions. The flaw can be exploited through remote management interfaces or internal host interfaces, enabling attackers to control compromised servers, deploy malware, and potentially cause physical damage to server components. This vulnerability is part of a series of security issues in AMI MegaRAC BMCs, highlighting ongoing risks in this software.

The vulnerability poses significant risks, including the potential for indefinite device downtime due to malicious commands causing continuous reboots. While no active exploitation has been reported, the vulnerability affects several devices, including HPE Cray XD670 and Asus RS720A-E11-RS24U. AMI has released patches to address the issue, and major manufacturers like HPE and Lenovo have already integrated these fixes into their products. However, patching requires device downtime, complicating the update process for affected organizations.

This development underscores the importance of maintaining up-to-date security measures and highlights the challenges of managing vulnerabilities in widely used software components. Organizations using affected devices should prioritize applying patches once available from OEM vendors to mitigate potential risks. The situation also emphasizes the need for robust security practices to prevent exploitation of such vulnerabilities.

Threats and Vulnerabilities

CVE-2024-54085 is a critical vulnerability in AMI's MegaRAC BMC software that allows attackers to bypass authentication and execute various malicious actions. With a CVSS v4 score of 10.0, it represents a maximum severity threat. Exploitation can lead to remote control of servers, malware deployment, firmware tampering, and potential physical damage to server components. The vulnerability can also cause devices to enter indefinite reboot loops, resulting in significant operational disruptions.

The vulnerability is part of a broader set of issues identified in AMI MegaRAC BMCs since December 2022. These include arbitrary code execution via the Redfish API (CVE-2022-40259), default credentials for a UID = 0 shell via SSH (CVE-2022-40242), and authentication bypass via HTTP header spoofing (CVE-2023-34329). CVE-2024-54085 resembles CVE-2023-34329 in both its authentication bypass capability and its impact.

Client Impact

Clients using devices with AMI's MegaRAC BMC software are at risk of significant operational disruptions due to CVE-2024-54085. Exploitation could lead to server control loss, malware infections, and potential physical damage to hardware components. The resulting downtime from continuous reboot loops could severely impact business operations and lead to financial losses. Additionally, organizations may face reputational damage if data breaches occur due to this vulnerability.

From a compliance perspective, failure to address this vulnerability could result in regulatory challenges, especially for industries with strict data protection requirements. Organizations must ensure timely patching and adherence to security best practices to avoid potential audits or penalties related to data breaches or operational failures.

Mitigations

To mitigate the risks associated with CVE-2024-54085 and related vulnerabilities, clients should consider the following actions:

  1. Apply patches released by AMI and OEM vendors as soon as they become available to address the vulnerability.
  2. Conduct a thorough review of current security configurations and access controls for devices using AMI's MegaRAC BMC software.
  3. Implement network segmentation to limit access to critical management interfaces such as Redfish.
  4. Regularly monitor systems for unusual activity that may indicate exploitation attempts.
  5. Develop an incident response plan specifically addressing potential exploitation scenarios involving BMC vulnerabilities.

These steps will assist in reducing the risk of exploitation and minimizing potential impacts on business operations. Organizations should remain vigilant and proactive in their security efforts, ensuring that all systems are regularly updated and monitored for signs of compromise.
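As a check on mitigations 3 and 4, the following added example (not part of the original advisory or any vendor tooling) summarizes requests that reached BMC addresses from outside the approved management network. The management CIDR, the six-field log format, and the sample records are assumptions constructed for illustration; adapt the parser to the proxy or firewall logs actually collected.

```python
import ipaddress
from collections import defaultdict

# Assumed for illustration: the approved management network(s).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Constructed sample records: timestamp, source, BMC address, method, path, status.
SAMPLE_LOG = """\
2025-03-19T10:00:01Z 10.20.0.15 10.20.1.40 GET /redfish/v1/Systems 200
2025-03-19T10:02:13Z 192.168.50.23 10.20.1.40 GET /redfish/v1/ 200
2025-03-19T10:02:14Z 192.168.50.23 10.20.1.40 POST /redfish/v1/SessionService/Sessions 201
2025-03-19T10:03:30Z 172.16.9.8 10.20.1.41 GET /redfish/v1/Systems 403
2025-03-19T10:04:02Z not-an-ip 10.20.1.41 GET /redfish/v1/ 200
truncated line
"""

def parse_line(line):
    """Return a record dict, or None when the line does not match the assumed format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, bmc, method, path, status = parts
    try:
        return {"ts": ts, "src": ipaddress.ip_address(src), "bmc": bmc,
                "method": method.upper(), "path": path, "status": int(status)}
    except ValueError:
        return None

def audit(log_text, mgmt_nets=MGMT_NETS):
    """Summarize BMC requests whose source is outside the management networks."""
    findings = defaultdict(lambda: {"requests": 0, "redfish": 0, "served": 0, "writes": 0})
    skipped = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # counted so that parsing gaps stay visible
            continue
        if any(rec["src"] in net for net in mgmt_nets):
            continue  # expected: request came from the management network
        entry = findings[(str(rec["src"]), rec["bmc"])]
        served = rec["status"] < 400  # the request was answered, not refused
        entry["requests"] += 1
        entry["redfish"] += rec["path"].startswith("/redfish/")
        entry["served"] += served
        entry["writes"] += served and rec["method"] not in ("GET", "HEAD")
    return dict(findings), skipped

if __name__ == "__main__":
    for pair, stats in sorted(audit(SAMPLE_LOG)[0].items()):
        print(pair, stats)
```

Any source with a non-zero "served" count indicates a segmentation gap; a non-zero "writes" count means a state-changing request from outside the management network was accepted and should be reviewed first.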

1898 & Co. Response

1898 & Co. is actively addressing the current threat landscape by offering specialized services designed to mitigate risks associated with vulnerabilities like CVE-2024-54085. Our team provides comprehensive security assessments and patch management solutions tailored to client needs, ensuring timely updates and protection against emerging threats.

We are enhancing our existing security protocols by incorporating advanced threat intelligence and monitoring capabilities. This allows us to detect potential exploitation attempts early and respond effectively to minimize impact on client operations. Our collaborative efforts with industry partners enable us to stay informed about the latest developments and share critical insights with our clients.

Our ongoing research focuses on identifying new vulnerabilities and developing innovative solutions to address them. We have successfully assisted clients in mitigating similar threats through targeted interventions and strategic planning, demonstrating our commitment to safeguarding their digital assets.
