Authentication Bypass Vulnerability in AMI's SPx Management Controller
CVE-2024-54085

10 CRITICAL

Key Information:

Vendor: AMI

CVE Published: 11 March 2025

Badges

Score: 1,240 | Ransomware | Exploit Exists | EPSS 10% | CISA Reported | News Worthy

What is CVE-2024-54085?

CVE-2024-54085 is an authentication bypass vulnerability present in AMI's SPx Management Controller. This product is utilized to manage server hardware and provides a crucial interface for systems management. The vulnerability allows an attacker to remotely bypass authentication protocols via the Redfish Host Interface, significantly threatening the security posture of organizations using this technology. If exploited, it could lead to severe breaches of confidentiality, integrity, and availability of critical systems and data.

Technical Details

The vulnerability exists within the Baseboard Management Controller (BMC) component of AMI's SPx Management Controller. Specifically, the flaw permits remote authentication bypass, meaning that unauthorized users can access management functions without going through the proper authentication processes. This undermines the security mechanisms designed to protect sensitive hardware management operations.

Potential Impact of CVE-2024-54085

  1. Loss of Confidentiality: Successful exploitation could provide attackers access to sensitive information stored or processed by the management interface, leading to potential data leaks.

  2. Integrity Compromise: Attackers could alter or manipulate system settings and configurations without authorization, risking the reliability and accuracy of managed systems.

  3. Availability Threat: An attacker gaining access to the management controller could disrupt service availability, potentially leading to downtime or service outages that affect business operations.

CISA has reported CVE-2024-54085

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-54085 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change quickly, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

MegaRAC-SPx 12.0 < 12.7

MegaRAC-SPx 13.0 < 13.5

News Articles

CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks

CISA says a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller (BMC) software, which enables attackers to hijack and brick servers, is currently under active exploitation.

2 weeks ago

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

CISA adds 3 critical vulnerabilities to KEV catalog, affecting AMI MegaRAC, D-Link, and Fortinet, urging mitigations by July 2025.

2 weeks ago

ASUS releases fix for AMI bug that lets hackers brick servers

ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers.

EPSS Score

10% chance of being exploited in the next 30 days.

CVSS V4

Score: 10
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • CISA Reported

  • Used in Ransomware

  • Exploit known to exist

  • First article discovered by CSO Online

  • Vulnerability published

  • Vulnerability Reserved
