CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. | BleepingComputer
An attacker armed with the latest knowledge of BMC vulnerabilities and exploits is poised to take control of your server(s). Given that one of these vulnerabilities, CVE-2024-54085, was recently added to the CISA KEV, we now know exploitation is happening in the wild. Organizations must inventory IT assets and then determine if a given vulnerability […] | Eclypsium | Supply Chain Security for the Modern Enterprise
References to Advisories, Solutions, and Tools | nvd.nist.gov
The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass authentication remotely. | Eclypsium | Supply Chain Security for the Modern Enterprise
AMI MegaRAC baseband management controller vulnerability enables attackers to bypass authentication on the Redfish API and deploy malware implants or brick servers. | CSO Online