Actively exploited vulnerability gives extraordinary control over server fleets
1 min read
Summary
A critical vulnerability has been found in AMI MegaRAC, a popular firmware package, that allows servers to be remotely managed, even when they are not working or are powered down.
The flaw could allow an attacker to take complete control of thousands of servers and gain admin privileges without any authentication being required.
The affected baseboard management controllers (BMC) are used to manage data centres virtually, allowing admins to install OS or app updates and make config changes.
If one BMC is compromised, the attacker could gain access to the whole network of servers.
Although the vulnerability (CVE-2024-54085) was disclosed in March, there are no reports of it being actively exploited, and no official patch has yet been issued.
Industry experts have warned that many organisations are wide open to attack.
