Full Report
A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable servers. [...]
Analysis Summary
# Vulnerability: Critical AMI MegaRAC Authentication Bypass (Leading to Hijack/Bricking)
## CVE Details
- CVE ID: CVE-2024-54085
- CVSS Score: Information on the specific CVSS score is not provided, but the vulnerability is described as **critical**.
- CWE: Authentication Bypass (Implied by description)
## Affected Systems
- Products: AMI MegaRAC BMC software stack.
- Versions: Specific vulnerable versions are not detailed, but it affects systems using the AMI MegaRAC software. The scope implies downstream impact across over a dozen manufacturers using AMI's BIOS supply chain components.
- Configurations: Affects instances where Redfish remote management interfaces are exposed to remote access.
## Vulnerability Description
CVE-2024-54085 is an authentication bypass flaw within AMI's MegaRAC BMC software stack. Because the firmware binaries are not encrypted, the vulnerability is reportedly "not challenging" to exploit. This flaw can be chained with previously discovered vulnerabilities (like CVE-2022-40258, which involves weak password hashes for Redfish & API) to allow attackers to remotely hijack, brick, or infect servers with malware.
## Exploitation
- Status: **No exploits have been found in the wild.**
- Complexity: **Not challenging** (given unencrypted firmware binaries).
- Attack Vector: Remote (likely Network, especially if Redfish interfaces are exposed).
## Impact
The potential impact is severe, allowing for:
- **Confidentiality:** High (Potential remote compromise of system management data).
- **Integrity:** High (Ability to hijack or inject malicious code).
- **Availability:** High (Ability to brick the server).
## Remediation
### Patches
AMI released patches on March 11, one week before the date of the article summarised here; vendors that incorporate AMI's fixes into their own firmware must publish their own updates.
- **AMI Patch Notification:** Refer to the AMI Security Advisory published March 11 (AMI-SA-2025003).
- **Lenovo Patch Notification:** Updates available at support dot lenovo dot com slash us slash en slash product security slash ps500703-ami-megarac-spx-redfish-authentication-bypass.
- **HPE Patch Notification:** Updates available at support dot hpe dot com slash hpesc slash public slash docDisplay docId=hpesbcr04828en_us&docLocale=en_US.
*Note: Patching is described as a "non-trivial exercise, requiring device downtime."*
### Workarounds
- Do not expose AMI MegaRAC instances online (i.e., restrict external/untrusted network access to BMC management interfaces).
## Detection
- **Indicators of Compromise:** No specific indicators are provided; watch for unusual activity or unauthorized configuration changes made via the Redfish interface or the BMC administration console.
- **Detection Methods and Tools:** Monitor server and BMC logs for suspicious BMC access, unexpected Redfish authentication events, and configuration modification attempts.
## References
- Vendor Advisories:
  - AMI Security Advisory: AMI-SA-2025003
  - Lenovo Advisory: ps500703-ami-megarac-spx-redfish-authentication-bypass
  - HPE Advisory: hpesbcr04828en_us
- Relevant links:
  - bleepingcomputer dot com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/