A severe vulnerability discovered in American Megatrends International’s (AMI) MegaRAC Baseboard Management Controller (BMC) software has raised alarms in the cybersecurity world. This vulnerability, if exploited, could allow attackers to take control of vulnerable servers remotely or even cause irreparable damage to hardware. Here’s a breakdown of the problem, its potential impact, and the actions that organizations need to take to safeguard their systems.
The Vulnerability
MegaRAC is AMI's Baseboard Management Controller (BMC) firmware stack. It provides out-of-band management: a separate management processor on the motherboard that lets administrators power-cycle, reinstall and troubleshoot a server over the network as if they were at the console, even when the host operating system is down. Server vendors such as HPE, Asus and ASRockRack build their BMC firmware on it, and the resulting systems are widely deployed by cloud service providers and data centers.
The flaw, tracked as CVE-2024-54085, is a critical authentication bypass: a remote attacker who can reach the BMC's Redfish management interface, over the network or, on some boards, through the internal host-to-BMC interface, can issue management requests with no credentials and no user interaction. Because the BMC sits below the operating system with its own network stack and controls power, firmware and consoles, a successful exploit lets an attacker:
- Gain full remote control of the server
- Deploy malware or ransomware on the host
- Tamper with firmware, potentially bricking motherboard components (the BMC itself or the BIOS/UEFI)
- Cause physical damage through over-voltage or perpetual reboot loops
Eclypsium, the firmware security firm that reported the flaw, found it while analysing the patches AMI had released for an earlier MegaRAC authentication bypass, CVE-2023-34329. The researchers confirmed that the HPE Cray XD670, the Asus RS720A-E11-RS24U and ASRockRack boards are affected, and warned that many more systems are likely to be, since every OEM that builds on the vulnerable MegaRAC release inherits the bug.
This is not an isolated defect. Eclypsium has previously disclosed a series of MegaRAC BMC flaws, some of which let attackers hijack servers, implant malware or crash them. In addition, the weak password hashes used by the firmware (CVE-2022-40258) make administrative accounts easier to crack once a hash has been obtained, which shortens the path from an initial foothold to full control.
At the time of the report there were no confirmed attacks exploiting CVE-2024-54085, but the firmware images are not encrypted, so an attacker can diff the patched and unpatched versions to locate the bug and build an exploit with relatively little effort. AMI, Lenovo and HPE published fixes on March 11, 2025; other OEMs have to integrate AMI's fix into their own BMC firmware, so administrators should watch for their vendor's advisory, apply the BMC firmware update (which normally involves resetting the BMC), and until then keep BMC interfaces off the internet and on an isolated management network.
The bug lives in AMI's BMC firmware stack alone, but because MegaRAC is the basis of the BMC firmware shipped by many server manufacturers, the downstream impact is broad: each affected OEM has to build, test and release its own update, which is why fixes arrive at different times and why the flaw has to be tracked per vendor rather than assumed fixed once AMI has patched.
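The practical question for an operator is which BMCs in the fleet are reachable, which still enforce authentication for ordinary requests, and which run firmware older than the OEM's fixed build. The script below is an added example written for this page, not code from AMI, Eclypsium, the OEMs or the report above. It uses only the standard DMTF Redfish paths (/redfish/v1/Managers and /redfish/v1/Systems) and HTTP Basic authentication, which the Redfish specification permits; the hostname bmc-example.mgmt.local, the credentials, the response bodies and the "fixed" firmware version 12.3.0 are constructed placeholders, and the real fixed version must be taken from your vendor's advisory. The unauthenticated probe deliberately does not send the specific trigger for CVE-2024-54085, so a 401 there means "authentication enforced for a plain request", not "patched"; the firmware version comparison is the check that answers the second question.

```python
"""Redfish exposure audit for BMCs on a management network (added example).

Assumptions, all placeholders: the BMC hostname, the credentials passed to
audit_bmc, and the fixed firmware version (12.3.0 is made up; take the real
value from your OEM's advisory). Paths are the standard DMTF Redfish ones.
"""
import json
import re
import ssl
import urllib.error
import urllib.request
from base64 import b64encode
from typing import Callable, Dict, List, Tuple

# A transport maps (url, request headers) to (http status, body text). Real runs use
# https_transport; the demo at the bottom injects an in-memory fake so it runs offline.
Transport = Callable[[str, Dict[str, str]], Tuple[int, str]]

MANAGERS = "/redfish/v1/Managers"   # collection of BMC manager resources
PROTECTED = "/redfish/v1/Systems"   # must require authentication per the Redfish spec


def https_transport(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    """GET with certificate verification against the default CA store; add your
    management CA to that store rather than disabling verification for BMC certs."""
    req = urllib.request.Request(url, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=10, context=ssl.create_default_context()) as r:
            return r.status, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")


def version_key(ver: str) -> Tuple[int, ...]:
    """Turn '12.3.1' or 'v12.03.01-r2' into a tuple of ints for ordered comparison."""
    return tuple(int(n) for n in re.findall(r"\d+", ver))


def unauthenticated_access(base: str, transport: Transport) -> bool:
    """True if a resource the spec says must be protected is served with no credentials.
    A plain request only: this does not send the CVE-2024-54085 trigger, so False means
    'auth enforced for ordinary requests', not 'patched'. Use the firmware version for that."""
    status, _ = transport(base + PROTECTED, {"Accept": "application/json"})
    return status == 200


def manager_firmware(base: str, user: str, password: str,
                     transport: Transport) -> List[Tuple[str, str]]:
    """Walk the Managers collection with HTTP Basic auth and return
    (manager id, FirmwareVersion) for each BMC manager resource."""
    token = b64encode(f"{user}:{password}".encode()).decode()
    hdrs = {"Accept": "application/json", "Authorization": "Basic " + token}
    status, body = transport(base + MANAGERS, hdrs)
    if status != 200:
        return []
    found = []
    for member in json.loads(body).get("Members", []):
        s, b = transport(base + member["@odata.id"], hdrs)
        if s == 200:
            mgr = json.loads(b)
            found.append((mgr.get("Id", "?"), mgr.get("FirmwareVersion", "")))
    return found


def audit_bmc(base: str, user: str, password: str, fixed_version: str,
              transport: Transport = https_transport) -> dict:
    """Combine both checks into one finding record for an inventory run."""
    report = {"host": base, "unauthenticated_access": False, "outdated": [], "current": []}
    report["unauthenticated_access"] = unauthenticated_access(base, transport)
    for mgr_id, fw in manager_firmware(base, user, password, transport):
        bucket = "outdated" if version_key(fw) < version_key(fixed_version) else "current"
        report[bucket].append((mgr_id, fw))
    return report


# Constructed sample BMC (not a real device): it answers the Managers collection only
# with credentials, but serves Systems to anyone, and runs firmware older than the
# placeholder fixed version.
FAKE_BMC = "https://bmc-example.mgmt.local"
_FAKE_RESPONSES = {
    FAKE_BMC + PROTECTED: (200, '{"Members":[{"@odata.id":"/redfish/v1/Systems/1"}]}'),
    FAKE_BMC + MANAGERS: (200, '{"Members":[{"@odata.id":"/redfish/v1/Managers/bmc"}]}'),
    FAKE_BMC + MANAGERS + "/bmc": (200, '{"Id":"bmc","FirmwareVersion":"12.2.1"}'),
}


def fake_transport(url: str, headers: Dict[str, str]) -> Tuple[int, str]:
    if url.startswith(FAKE_BMC + MANAGERS) and "Authorization" not in headers:
        return 401, ""
    return _FAKE_RESPONSES.get(url, (404, ""))


if __name__ == "__main__":
    print(json.dumps(audit_bmc(FAKE_BMC, "admin", "password", "12.3.0", fake_transport), indent=2))
```

Run it against real BMCs by replacing fake_transport with the default https_transport and feeding the hostnames from your management VLAN inventory; a BMC that is reachable from anywhere other than that VLAN is itself a finding, whatever the script reports.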
What Undercode Says:
The discovery of CVE-2024-54085 underscores a long-standing problem in the server ecosystem: out-of-band management controllers are high-privilege components whose software has not received security attention proportionate to that privilege. MegaRAC is not alone in this, but the repeated discovery of authentication flaws in the same code base points to a systemic issue rather than a one-off bug.
What makes this flaw particularly concerning is not sophistication but reach. An attacker needs no physical access, no valid credentials, no insider knowledge and no complex chain of bugs; anyone who can reach a management interface such as Redfish on an unpatched system can hijack, control or destroy the server.
That low barrier to entry is what makes widespread, automated attacks against exposed and unpatched BMCs a realistic outcome, and the unencrypted firmware keeps the exploit development that precedes them cheap.
Organizations running servers with MegaRAC BMCs must prioritise patching and reduce exposure in the meantime. The number of affected devices is substantial, and it is only a matter of time before malicious actors take advantage of the flaw. Its potential to cause physical damage to hardware, not just loss of data, raises its criticality further. Administrators should apply the fixes issued by AMI, Lenovo and HPE, and other vendors' updates as they are released, without waiting for confirmed attacks.
Another takeaway is the need for stronger authentication and credential handling in management systems like the BMC. Weak password hashes have already been found in earlier MegaRAC firmware (CVE-2022-40258), and any weakness in authentication becomes a gateway to more severe exploits. Few BMCs offer multi-factor authentication, so organizations should use it where the platform supports it and otherwise compensate: replace default and shared passwords with unique per-device credentials, integrate with central authentication (LDAP or Active Directory) where the BMC allows it, disable management protocols that are not in use, and restrict access to the BMC network so that a credential weakness cannot be reached from outside it.
Finally, the sheer volume of affected devices means that it is unlikely that any one company can manage this threat alone. Manufacturers, especially those working with AMI’s firmware, must act quickly to implement patches, notify customers, and ensure that security updates are rolled out across the board.
Fact Checker Results:
- CVE-2024-54085 is a critical vulnerability that poses a significant risk to servers using MegaRAC BMC software.
- The vulnerability can be exploited remotely, with no user interaction required, allowing attackers to hijack or damage servers.
- Network defenders are advised to apply their vendor's BMC firmware update, keep BMC interfaces off the internet, and monitor BMC audit logs and Redfish/IPMI access for unexpected sessions, firmware changes or reboots.
References:
Reported By: https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/