Actively exploited vulnerability gives extraordinary control over server fleets
10 months ago
- Hackers are exploiting a maximum-severity vulnerability (CVE-2024-54085) in AMI MegaRAC firmware.
- The vulnerability has a severity rating of 10/10 and allows complete control over servers via BMCs.
- BMCs (Baseboard Management Controllers) enable remote server management, even when the server is powered off or its OS is down.
- An attacker who compromises a single BMC can pivot into internal networks and compromise other BMCs.
- The vulnerability permits authentication bypass via a simple HTTP web request to the BMC.
- Eclypsium discovered the vulnerability in March; PoC exploit code allows creating admin accounts without credentials.
- No known active exploits were reported at the time of disclosure.
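
Because the PoC's effect is a new admin account on the BMC, a fleet-wide comparison of BMC administrator accounts against an approved baseline is a direct check for that outcome. The sketch below is an added example, not code from the article or from Eclypsium; it assumes account listings have already been exported per BMC in the shape of Redfish `ManagerAccount` resources, and the host names, usernames and baseline are constructed.

```python
import json

# Constructed sample: account listings per BMC, shaped like Redfish
# ManagerAccount resources (UserName, RoleId, Enabled). Not real data.
SAMPLE_FLEET = json.loads("""
{
  "bmc-rack1-01.example.internal": [
    {"Id": "1", "UserName": "opsadmin", "RoleId": "Administrator", "Enabled": true},
    {"Id": "2", "UserName": "monitor", "RoleId": "ReadOnly", "Enabled": true}
  ],
  "bmc-rack1-02.example.internal": [
    {"Id": "1", "UserName": "opsadmin", "RoleId": "Administrator", "Enabled": true},
    {"Id": "3", "UserName": "svc_tmp", "RoleId": "Administrator", "Enabled": true}
  ],
  "bmc-rack1-03.example.internal": [
    {"Id": "1", "UserName": "OpsAdmin", "RoleId": "Administrator", "Enabled": true},
    {"Id": "4", "UserName": "old_admin", "RoleId": "Administrator", "Enabled": false}
  ]
}
""")

# Hypothetical baseline: admin usernames approved for every BMC in the fleet.
APPROVED_ADMINS = {"opsadmin"}


def find_unexpected_admins(fleet, approved):
    """Return sorted (host, username, enabled) for admin accounts not in the baseline."""
    findings = []
    for host, accounts in fleet.items():
        for acct in accounts:
            if acct.get("RoleId") != "Administrator":
                continue
            name = acct.get("UserName", "")
            # Exact, case-sensitive match: a look-alike such as "OpsAdmin"
            # is reported for review rather than silently accepted.
            if name not in approved:
                findings.append((host, name, bool(acct.get("Enabled", False))))
    return sorted(findings)


if __name__ == "__main__":
    for host, name, enabled in find_unexpected_admins(SAMPLE_FLEET, APPROVED_ADMINS):
        state = "enabled" if enabled else "disabled"
        print(f"{host}: unexpected administrator account {name!r} ({state})")
```

Disabled accounts are reported as well, since an account left behind on a BMC can be re-enabled later.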