
Mar 18, 2025 | Ravie Lakshmanan | Vulnerability / Firmware Security

A severe security vulnerability has been identified in the MegaRAC Baseboard Management Controller (BMC) software developed by AMI, which could potentially allow an attacker to bypass authentication and execute malicious actions after exploitation.

This vulnerability, tracked under the identifier CVE-2024-54085, has been assigned a CVSS v4 score of 10.0, signifying the highest level of severity.

According to a report shared with The Hacker News by firmware security company Eclypsium, a local or remote attacker can exploit this vulnerability by accessing either the remote management interfaces (Redfish) or the internal host-to-BMC interface (Redfish).

Upon successful exploitation, an attacker can remotely control the compromised server, deploy malware or ransomware, tamper with the firmware, cause physical damage to motherboard components (including the BMC or potentially the BIOS/UEFI), and initiate indefinite reboot loops that the victim cannot stop.

This vulnerability can be further exploited to launch disruptive attacks by continuously rebooting susceptible devices, potentially leading to indefinite downtime until the devices are re-provisioned.


CVE-2024-54085 represents the latest discovery in a series of security flaws affecting AMI MegaRAC BMCs, which have been collectively tracked as BMC&C since December 2022.

Eclypsium noted that CVE-2024-54085 bears similarities to CVE-2023-34329, as both enable authentication bypass with comparable consequences. The affected devices include –

  • HPE Cray XD670
  • Asus RS720A-E11-RS24U
  • ASRockRack

AMI has issued patches to address this vulnerability as of March 11, 2025. Although there is no evidence of exploitation in the wild, it is crucial for downstream users to update their systems once OEM vendors incorporate these patches and release them to their customers.

Eclypsium emphasized that patching these vulnerabilities is a complex process that requires device downtime. Because AMI’s BMC software stack is widely used, the downstream impact extends to over a dozen manufacturers.
