The newly discovered vulnerabilities could allow attackers to gain control of servers that use AMI's MegaRAC BMC firmware.| CSO Online
According to analysis by firmware security firm Eclypsium, 7,799 HPE iLO (HPE's Integrated Lights-Out) server baseboard management controllers (BMCs) are exposed to the internet and most do not appear to be running the latest version of the firmware. But the problem doesn't stop there.| CSO Online
References to Advisories, Solutions, and Tools| nvd.nist.gov
The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely.| Eclypsium | Supply Chain Security for the Modern Enterprise