Full Report
CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation. [...]
Analysis Summary
# Vulnerability: AMI MegaRAC Firmware Vulnerability Enabling Server Hijacks
## CVE Details
- CVE ID: CVE-2024-54085 (implied by the context of the CISA addition; not explicitly listed in the text snippet)
- CVSS Score: Not explicitly provided in the text.
- CWE: Not explicitly provided in the text.
## Affected Systems
- Products: AMI MegaRAC BMC (Baseboard Management Controller) software stack.
- Versions: Specific version ranges are not detailed. Vulnerable AMI MegaRAC instances exist globally, and the flaw affects over a dozen downstream manufacturers because of AMI's position in the BIOS supply chain.
- Configurations: Applicable to systems running the affected AMI MegaRAC BMC software stack.
## Vulnerability Description
A critical vulnerability exists within the AMI MegaRAC BMC software stack. Exploiting this flaw allows an attacker to gain control of the server managed by the BMC, potentially leading to complete server takeover or denial of service. Exploitation is considered easy because the MegaRAC BMC firmware binaries are not encrypted, which makes creating exploits relatively straightforward.
## Exploitation
- Status: Exploited in the wild. CISA has added this vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
- Complexity: Low (Exploit creation is described as "not challenging" due to unencrypted firmware binaries).
- Attack Vector: Not explicitly detailed (Likely network access to the BMC interface).
## Impact
- Confidentiality: High (Potential server compromise).
- Integrity: High (Potential unauthorized modification or control).
- Availability: High (Potential to "brick" servers).
## Remediation
### Patches
- Specific patch versions are not listed in the provided text. Users must consult AMI advisories or vendor updates for the correct version addressing **CVE-2024-54085**.
### Workarounds
- No specific workarounds are detailed in the provided text segment.
## Detection
- Indicators of Compromise (IoCs): Not detailed in the text, but security monitoring for unauthorized access or modification attempts targeting the BMC interface should be prioritized.
- Detection methods and tools: CISA's addition to the KEV catalog suggests that organizations should audit their systems against known exploit signatures provided by CISA or security vendors.
## References
- Vendor advisories: AMI (American Megatrends International)
- Relevant links (defanged):
  - cisa-gov/news-events/alerts/2025/06/25/cisa-adds-three-known-exploited-vulnerabilities-catalog
  - cisa-gov/known-exploited-vulnerabilities-catalog
  - bleepingcomputer-com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/