CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-54085

High Severity
SVRS
40/100
CVSSv3
NA/10
EPSS
0.00109/1

CVE-2024-54085 is a critical authentication bypass vulnerability in AMI’s SPx, specifically within the BMC (Baseboard Management Controller). This Redfish Host Interface vulnerability allows remote attackers to bypass authentication. A successful exploit can result in a loss of confidentiality, integrity, and/or availability of the affected system. Despite a CVSS score of 0, SOCRadar's Vulnerability Risk Score (SVRS) indicates a score of 40, highlighting a moderate level of risk. This suggests potential real-world exploitability and the necessity for monitoring. The vulnerability is associated with CWE-290 (Authentication Bypass) which is a common attack vector. Although the SVRS is not in the critical range, the potential for compromise and the presence of "In The Wild" tags indicate that organizations should assess and monitor this CVE promptly.

TAGS
In The Wild
VECTOR STRING
PUBLICATION DATE2025-03-11
LAST MODIFIED2025-03-28
Eye Icon
SOCRadar
AI Insight

Description

CVE-2024-54085 describes a vulnerability in AMI’s SPx, specifically within the Baseboard Management Controller (BMC). This flaw allows a remote attacker to bypass authentication via the Redfish Host Interface. Successful exploitation can result in a loss of confidentiality, integrity, and/or availability of the system. The SOCRadar Vulnerability Risk Score (SVRS) is 48, indicating a moderate level of risk, although not critical (above 80), it still necessitates attention. The CVE is tagged "In The Wild," indicating that the vulnerability is actively exploited by hackers.

Key Insights

  • Authentication Bypass: The core issue is the ability to bypass authentication, granting unauthorized access to the BMC. This access can then be leveraged to perform malicious activities.
  • Remote Exploitation: The vulnerability is remotely exploitable through the Redfish interface, meaning attackers do not require physical access to the server.
  • Impact on CIA Triad: Exploitation can compromise all three pillars of security: confidentiality, integrity, and availability, potentially leading to data breaches, system corruption, and service disruption.
  • "In The Wild" Exploitation: The tag indicates the vulnerability is actively exploited by hackers, meaning that there is an elevated risk associated with the CVE.

Mitigation Strategies

  • Patch and Update: Apply the latest patches and updates provided by AMI for the SPx BMC firmware as soon as they become available. This is the most effective way to address the vulnerability.
  • Network Segmentation: Isolate the BMC network from the rest of the corporate network. This limits the blast radius if the BMC is compromised.
  • Redfish Interface Security: Implement strict access controls and strong authentication mechanisms for the Redfish interface. Consider disabling the interface if it is not actively used.
  • Monitor BMC Activity: Implement robust monitoring and logging of BMC activity to detect suspicious behavior indicative of exploitation attempts.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

24th March – Threat Intelligence Report - Check Point Research
2025-03-24
24th March – Threat Intelligence Report - Check Point Research | News Content: For the latest discoveries in cyber research for the week of 24th March, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Municipalities in four US states experienced cyberattacks that disrupted services for county offices, courts, and schools. Cleveland Municipal Court was hit by Qilin ransomware attack, forcing employees offline and delaying trials, while Strafford County, Pelham School District, and Derby Police Department also reported service disruptions which were not claimed by any specific threat actor. Check Point Harmony Endpoint and Threat Emulation provide protection against this threat (Ransomware.Wins.Qilin
google.com
rss
forum
news
Maximum severity vulnerability can lead to server bricking. - The CyberWire
2025-03-22
Maximum severity vulnerability can lead to server bricking. - The CyberWire | News Content: Exploit code published for critical Apache Tomcat vulnerability. Veeam issues patch for critical flaw affecting Backup & Replication software. Stalkerware company sustains data breach. Pennsylvania education union discloses breach. Maximum severity vulnerability can lead to server bricking. A maximum severity vulnerability (CVE-2024-54085) in American Megatrends International's (AMI's) MegaRAC Baseboard Management Controller (BMC) software could allow attackers to hijack and brick vulnerable servers, BleepingComputer reports. MegaRAC BMC is a remote server management tool used by major server vendors, including HPE, Asus, and ASRock. Since these servers
google.com
rss
forum
news
Critical AMI BMC Vulnerability Allows Attackers To Bypass Authentication Remotely
Tushar Subhra Dutta2025-03-19
Critical AMI BMC Vulnerability Allows Attackers To Bypass Authentication Remotely | Security researchers have discovered a new critical vulnerability in AMI’s MegaRAC software that enables attackers to bypass authentication remotely. This latest security flaw, identified as CVE-2024-54085, affects numerous data center equipment and server models, potentially compromising cloud infrastructure security across many organizations worldwide. The vulnerability exists in the Redfish interface of AMI’s Baseboard Management Controller […] The post Critical AMI BMC Vulnerability Allows Attackers To Bypass Authentication Remotely
cybersecuritynews.com
rss
forum
news
Nova falha de BMC da AMI expõe servidores a hackers
Da Redação2025-03-19
Nova falha de BMC da AMI expõe servidores a hackers | Uma vulnerabilidade crítica no firmware do controlador de gerenciamento de placa-base (BMC) da AMI, identificada como CVE-2024-54085, pode expor milhares de servidores a ataques remotos. O BMC é responsável pelo gerenciamento remoto de servidores, permitindo ações como atualização de firmware e controle de hardware. A falha recém-descoberta é semelhante à CVE-2023-34329, encontrada em 2023, que […] Fonte
cisoadvisor.com.br
rss
forum
news
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
Ajit Jasrotia2025-03-18
New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking | A critical security vulnerability has been disclosed in AMI’s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. “A local or remote attacker can exploit the vulnerability by accessing the […] The post New Critical AMI BMC Vulnerability Enables Remote Server Takeover
allhackernews.com
rss
forum
news
BMC&C: Redfish Alert 3
Chris Garland2025-03-18
BMC&amp;C: Redfish Alert 3 | Remotely Exploitable AMI Vulnerabilities Introduce Risk In Cloud Infrastructure Supply Chain A continuation of BMC&#38;C research and findings, exploring exploit chaining and post-exploit impact scenarios for data centers worldwide. BMC&#38;C Vulnerabilities &#8211; Part 3 The Eclypsium research team has discovered a previously unknown remotely exploitable vulnerability in AMI’s MegaRAC software that allows attackers to bypass [&#8230;] The post BMC&amp;C: Redfish Alert 3 appeared first on <a href="https://
eclypsium.com
rss
forum
news
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
Ajit Jasrotia2025-03-17
⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More | From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week&#8217;s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source repositories [&#8230;] The post ⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor
allhackernews.com
rss
forum
news

Social Media

CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability https://t.co/5i7uNOjEdV https://t.co/qexuKOlEOD
0
0
0
oin us as we discuss the alarming MegaRAC CVE-2024-54085 vulnerability, a critical BMC flaw putting data centers at risk. #CyberSecurity #DataSecurity #BMCVulnerability #MegaRAC https://t.co/MccFYPmEIy
0
0
0
New Critical AMI BMC Vulnerability Allows Remote Server Takeover and Bricking 🚩 https://t.co/WqmYE07jq8 A critical vulnerability (CVE-2024-54085) in AMI's MegaRAC BMC software allows attackers to bypass authentication, deploy malware, and even brick servers. Update firmware
0
0
0
A major security flaw, CVE-2024-54085, has been detected in MegaRAC BMC software, exposing data centers to severe threats. This vulnerability could enable attackers to gain unauthorized access. #CyberSecurity #Data #BMCVulnerability #networksecurity https://t.co/SRrgSSpKyB
0
0
0
Actively exploited CVE : CVE-2024-54085
1
0
0
CVE-2024-54085 (CVSS 10): Critical BMC Flaw Exposes Servers to Total Takeover, Destruction - Daily Information Security https://t.co/6Rot9HCHP4
0
0
1
🚨 Critical flaw in AMI's MegaRAC BMC software (CVE-2024-54085) allows attackers to bypass auth, control servers, deploy malware, &amp; cause indefinite reboots. Patch ASAP! #CyberSecurity #Vulnerability #TechNews #AI #Infosec
0
0
1
CVE-2024-54085 (CVSS 10): Critical BMC Flaw Exposes Servers to Total Takeover, Destruction https://t.co/RUpeuk1YRk
0
3
7
A critical vulnerability, CVE-2024-54085, has been discovered in the AMI MegaRAC firmware, scoring a 10 on the CVSS scale. This flaw allows an authentication bypass in the Redfish API, affecting several major server brands including Asus and Lenovo. Fortunate users need to app...
1
0
0
🚨 Critical AMI MegaRAC flaw (CVE-2024-54085) lets remote attackers hijack, brick, and infect servers from HPE, Asus, ASRock, and more. 1,000+ servers exposed online! Patch now! #Deepweb #Darkweb More breaking news from the world and the Darkweb here: https://t.co/ZF7G3lwRdM https://t.co/BF96gt77wa
0
0
1

Affected Software

No affected software found for this CVE

References

ReferenceLink
AF854A3A-2127-422B-91AE-364DA2661108https://security.netapp.com/advisory/ntap-20250328-0003/
[email protected]https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
[email protected]https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

CWE Details

CWE IDCWE NameDescription
CWE-290Authentication Bypass by SpoofingThis attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence