AMI MegaRAC Firmware Flaw Puts Thousands of Servers at Risk of Complete Control
AI-summarised brief · reviewed before publication
AMI MegaRAC is a widely used firmware package found in servers from prominent manufacturers such as AMD, ARM, Fujitsu, Gigabyte, Supermicro, and Qualcomm. A critical vulnerability, carrying a severity rating of 10 out of a possible 10, has been discovered in this firmware package. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned that this vulnerability, tracked as CVE-2024-54085, is being actively exploited by hackers.

The vulnerability resides in the baseboard management controllers (BMCs) of server motherboards. These microcontrollers provide remote access to, and management of, large fleets of servers, even when the host is powered off or the operating system is not functioning. Administrators use BMCs to reinstall operating systems, install or modify applications, and make configuration changes across multiple servers without being physically present. Compromise of a single BMC can therefore have far-reaching consequences, allowing attackers to pivot into internal networks and compromise every other BMC reachable from it.

The vulnerability was discovered by security firm Eclypsium and disclosed in March. The disclosure included proof-of-concept exploit code, which enables a remote attacker to create an admin account without providing any authentication. Initially, there were no known reports of the vulnerability being actively exploited. On Wednesday, however, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice did not provide further details on the attacks.

Eclypsium researchers stated in an email on Thursday that the scope of the exploits has the potential to be broad. With no publicly known details of the ongoing attacks, it is unclear which groups may be behind them.