A critical vulnerability has been discovered in AMI’s MegaRAC software, which is used in Baseboard Management Controllers (BMCs) across multiple server vendors.
This flaw, identified as CVE-2024-54085, allows remote attackers to bypass authentication on the Redfish interface, potentially exposing cloud infrastructure and data centers to severe risks.
The vulnerability was uncovered by Eclypsium, building on previous research that highlighted similar authentication bypass issues in BMC software.
Impact
The vulnerability lies in the authentication mechanism of the Redfish interface: attackers can bypass its security checks by manipulating specific HTTP headers.
This can be achieved by crafting a request with a carefully designed “X-Server-Addr” header, which, when processed by the vulnerable code, extracts a value that matches entries in the Redis database.
This effectively bypasses authentication, enabling attackers to access and control server management interfaces remotely.
The impact is significant, as attackers can deploy malware, tamper with firmware, or even cause physical damage to servers by inducing over-voltage conditions or bricking components.
Exploitation
The severity of this vulnerability is underscored by its CVSS scores, which reach a maximum of 10.0 for both CVSSv3 and CVSSv4 when the Redfish interface is directly exposed to the internet.
Even when access is restricted to adjacent networks, the CVSS scores remain high at 9.6 and 9.4, respectively.
While no known exploits are currently observed in the wild, the ease of crafting an exploit once the vulnerability is identified poses a significant threat.
AMI has released patches for the vulnerability, but applying these fixes requires downtime for affected devices.
Organizations are advised to ensure that no remote management interface is exposed externally and that internal access is restricted to authorized users.
Regular software and firmware updates are crucial, along with monitoring server firmware for signs of unauthorized modifications.
Additionally, new equipment should be thoroughly checked for outdated firmware and potential supply chain vulnerabilities before deployment.
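As an added illustration of the detection side of the advice above (not code from the article, Eclypsium or AMI), the following script scans BMC web-access logs for two conditions the article describes: a request arriving with a client-supplied “X-Server-Addr” header, which a legitimate Redfish client has no reason to send, and any Redfish request originating outside the management network. The JSON-lines log format, the management CIDR and the sample entries are constructed assumptions; the crafted header value itself is deliberately omitted.

```python
import ipaddress
import json

# Header named in the advisory as the one a crafted request carries. Legitimate
# clients never send it, so its mere presence from a client is worth an alert.
SUSPICIOUS_HEADER = "x-server-addr"

# Assumed management network (adjust to your environment).
MANAGEMENT_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample log lines (one JSON object per request); not real BMC output.
SAMPLE_LOG = """\
{"src": "10.20.1.7", "method": "GET", "path": "/redfish/v1/Systems", "headers": {"Host": "bmc01", "X-Auth-Token": "..."}}
{"src": "203.0.113.9", "method": "GET", "path": "/redfish/v1/AccountService", "headers": {"Host": "bmc01", "X-Server-Addr": "value-omitted"}}
{"src": "10.20.1.9", "method": "POST", "path": "/redfish/v1/Managers/1/Actions/Manager.Reset", "headers": {"Host": "bmc01", "X-Server-Addr": "value-omitted"}}
{"src": "198.51.100.4", "method": "GET", "path": "/redfish/v1/", "headers": {"Host": "bmc01"}}
"""

def analyze_request(entry, management_nets=MANAGEMENT_NETS):
    """Return a list of findings for one parsed request; empty if nothing is wrong."""
    findings = []
    src = ipaddress.ip_address(entry["src"])
    # Header names are case-insensitive, so normalise before matching.
    headers = {k.lower(): v for k, v in entry.get("headers", {}).items()}
    is_redfish = entry.get("path", "").startswith("/redfish/")
    if SUSPICIOUS_HEADER in headers:
        findings.append("client-supplied X-Server-Addr header")
    if is_redfish and not any(src in net for net in management_nets):
        findings.append("Redfish request from outside management network")
    return findings

def scan_log(text, management_nets=MANAGEMENT_NETS):
    """Parse JSON-lines log text; return {line_number: [findings]} for flagged requests."""
    flagged = {}
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        findings = analyze_request(json.loads(line), management_nets)
        if findings:
            flagged[n] = findings
    return flagged

if __name__ == "__main__":
    for n, f in scan_log(SAMPLE_LOG).items():
        print(f"line {n}: {'; '.join(f)}")
```

On the sample log, line 1 passes, line 2 triggers both findings, line 3 triggers only the header check, and line 4 only the network check.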
Eclypsium’s research highlights the importance of securing BMCs, as vulnerabilities in these components can have far-reaching impacts across the technology supply chain.