Full Report
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [...]
Analysis Summary
As a vulnerability research specialist, here is the summary of the disclosed security flaw:
# Vulnerability: Critical AMI Bug Allowing Remote Server Hijacking and Bricking
## CVE Details
- CVE ID: CVE-2024-54085 (Note: The article mentions AMI released bulletin in 2025, but the CVE identifier appears to be 2024-based based on standard naming conventions, requiring confirmation from the official bulletin, which is not fully available here. Assuming the primary identifier shared is the key one.)
- CVSS Score: Not explicitly provided in the text, but described as **Critical** based on potential impact.
- CWE: Not explicitly provided in the text.
## Affected Systems
- Products: ASUS Workstation Motherboards utilizing vulnerable AMI firmware.
- Versions: Specific BIOS/BMC firmware versions prior to the listed updates.
- Configurations: Vulnerability is exploitable via management interfaces such as Redfish.
## Vulnerability Description
The vulnerability resides in the American Megatrends (AMI) firmware component used in certain servers and workstations. Successful exploitation allows an attacker to remotely control the compromised server, deploy malware (including ransomware), tamper with firmware (BMC or potentially BIOS/UEFI), cause physical damage through over-voltage conditions, or induce indefinite reboot loops that prevent user intervention. The attack vector targets management interfaces like **Redfish**.
## Exploitation
- Status: The description strongly implies a high-risk scenario warranting immediate patching; it doesn't explicitly state 'in the wild' but emphasizes the severe potential impact.
- Complexity: Likely **Medium** to **High**, given it targets firmware management protocols, but the potential impact is catastrophic.
- Attack Vector: **Network** (via management interfaces like Redfish).
## Impact
- Confidentiality: High (Remote control implies access to all server data).
- Integrity: High (Firmware tampering, malware deployment).
- Availability: Critical (Bricking components, indefinite reboot loops).
## Remediation
### Patches
ASUS has released BMC firmware updates addressing this vulnerability for the following workstation motherboard models:
* **PRO WS W790E-SAGE SE**: Update to version **1.1.57**
* **PRO WS W680M-ACE SE**: Update to version **1.1.21**
* **PRO WS WRX90E-SAGE SE**: Update to version **2.1.28**
* **Pro WS WRX80E-SAGE SE WIFI**: Update to version **1.34.0**
### Workarounds
* Prioritize immediate application of the latest BMC firmware updates.
* When applying the firmware update (.ima file) through the web interface, select the **'Full Flash'** option.
* Review and restrict access to the BMC management interfaces (like Redfish) from untrusted networks.
## Detection
- Indicators of Compromise (IOCs): Unexpected server reboots, inaccessible BMC management interface, suspicious firmware versions, successful login attempts to management interfaces from unexpected sources.
- Detection Methods and Tools: Network monitoring focused on traffic to Redfish interfaces. System integrity verification tools may flag unexpected changes in firmware hashes post-patching period.
## References
- Vendor Advisory (AMI): AMI-SA-2025003 (Link defanged: `go[dot]ami[dot]com/hubfs/Security%20Advisories/2025/AMI-SA-2025003[dot]pdf`)
- ASUS Support FAQ for BMC updates (Link defanged: `asus[dot]com/support/faq/1047906/`)
- BleepingComputer Report (Link defanged: `bleepingcomputer[dot]com/news/security/asus-releases-fix-for-ami-bug-that-lets-hackers-brick-servers/`)