Critical Server Vulnerability Actively Exploited – Patch Now!

Summary
– A critical vulnerability (rated 10/10) in AMI MegaRAC firmware allows hackers to gain full control over thousands of servers, including mission-critical ones.
– The vulnerability affects baseboard management controllers (BMCs), which enable remote server management even when servers are powered off or the OS isn’t running.
– Compromising a single BMC can let attackers pivot into internal networks and take control of other BMCs, bypassing physical access requirements.
– The flaw (CVE-2024-54085) allows authentication bypass via a simple HTTP request, enabling remote admin account creation without credentials.
– Discovered by Eclypsium and disclosed in March, the vulnerability initially had no known active exploits but is now being targeted.
A critical server vulnerability is being actively exploited, putting thousands of systems at risk of complete takeover. Cybersecurity experts urge immediate patching to prevent attackers from gaining unauthorized access to sensitive infrastructure.
The flaw, rated 10 out of 10 in severity, affects AMI MegaRAC, a widely deployed firmware used for remote server management. This software operates through baseboard management controllers (BMCs), specialized microcontrollers that provide administrators with deep control over servers, even when they’re powered off or unresponsive. BMCs enable tasks like OS reinstallation, application deployment, and configuration changes without physical access, making them a high-value target for attackers.
Exploiting this vulnerability, tracked as CVE-2024-54085, allows hackers to bypass authentication entirely. By sending a simple HTTP request to a vulnerable BMC, an attacker can create an administrative account without needing valid credentials. Security researchers at Eclypsium uncovered the flaw and published proof-of-concept exploit code in March. While initial reports indicated no active exploitation, recent warnings confirm that malicious actors are now leveraging this weakness in real-world attacks.
Once inside, attackers can pivot across internal networks, compromising additional BMCs and gaining control over entire server fleets. Given the critical role these systems play in data centers, delays in patching could lead to catastrophic breaches, including unauthorized data access, service disruptions, or even ransomware deployment.
Organizations relying on AMI MegaRAC firmware should prioritize applying the latest security updates immediately. Proactive measures, such as network segmentation and monitoring for unusual BMC activity, can further reduce exposure while patches are rolled out. The stakes are too high to ignore; swift action is the only defense against this escalating threat.
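The article recommends monitoring for unusual BMC activity and keeping BMCs segmented from untrusted networks. The script below is an added illustration of what such monitoring can look like; it is not code from Ars Technica, Eclypsium or AMI. It assumes the BMC's web server writes Common Log Format-style access logs and exposes the DMTF Redfish AccountService endpoint for user management (the second, vendor-style account path, the management subnet and every log line are constructed for the example). It flags two things a defender would want to see given the vulnerability described above: a successful write to the account-management API (the outcome the exploit produces) and any request reaching the BMC from outside the management network (a segmentation failure).

```python
"""Flag suspicious BMC account-management activity in web access logs.

Added example: parses constructed access-log lines and raises findings for
(a) successful writes to the BMC's account API and (b) requests that reach
the BMC from outside the expected management subnet.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Assumption: the only network from which BMC management traffic is expected.
MGMT_NETS = [ipaddress.ip_network("10.99.0.0/24")]

# Assumption: DMTF Redfish AccountService path (standard) plus a hypothetical
# legacy vendor path; adjust to the API your BMC actually exposes.
ACCOUNT_PATHS = (
    "/redfish/v1/AccountService/Accounts",
    "/api/settings/users",  # hypothetical legacy path, not from the article
)

# Common Log Format: host ident authuser [date] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) (?:\d+|-)$'
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG_LINES = [
    '10.99.0.15 - - [10/Jun/2025:08:12:01 +0000] "GET /redfish/v1/Systems HTTP/1.1" 200 512',
    '10.99.0.15 - - [10/Jun/2025:08:13:40 +0000] "POST /redfish/v1/AccountService/Accounts HTTP/1.1" 201 88',
    '203.0.113.7 - - [10/Jun/2025:08:15:09 +0000] "POST /redfish/v1/AccountService/Accounts HTTP/1.1" 201 88',
    '203.0.113.7 - - [10/Jun/2025:08:15:11 +0000] "GET /redfish/v1/ HTTP/1.1" 200 300',
]


@dataclass
class Finding:
    ts: str
    src: str
    method: str
    path: str
    status: int
    reasons: tuple


def parse_line(line: str) -> Optional[dict]:
    """Return the parsed fields of one access-log line, or None if unparseable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def in_mgmt_net(src: str) -> bool:
    """True when the source address lies inside an allowed management subnet."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # hostnames or garbage never count as trusted
    return any(ip in net for net in MGMT_NETS)


def is_account_write(method: str, path: str, status: int) -> bool:
    """A successful (2xx) create/modify request against the account API."""
    return (
        method in ("POST", "PUT", "PATCH")
        and path.startswith(ACCOUNT_PATHS)
        and 200 <= status < 300
    )


def analyze(lines) -> list:
    """Scan log lines and return a Finding for every line worth a second look."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if not in_mgmt_net(rec["src"]):
            reasons.append("request_from_outside_mgmt_net")
        if is_account_write(rec["method"], rec["path"], rec["status"]):
            reasons.append("account_write_succeeded")
        if reasons:
            findings.append(Finding(rec["ts"], rec["src"], rec["method"],
                                    rec["path"], rec["status"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG_LINES):
        print(f"{f.ts} {f.src} {f.method} {f.path} {f.status} -> {', '.join(f.reasons)}")
```

Every successful account write is reported, even from the management subnet, because an unauthenticated bypass makes the source address alone an unreliable signal; the point of the second reason is to show that a BMC answering a request from 203.0.113.7 at all is already a segmentation problem, independent of whether the firmware is patched.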
(Source: Ars Technica)