Critical AMI BMC Vulnerability Allows Attackers To Bypass Authentication Remotely

Security researchers have discovered a new critical vulnerability in AMI’s MegaRAC software that enables attackers to bypass authentication remotely. The flaw, identified as CVE-2024-54085, affects numerous data center equipment and server models, potentially compromising cloud infrastructure security across many organizations worldwide. It exists in the Redfish interface of AMI’s Baseboard Management Controller (BMC) software and impacts various devices, including HPE Cray XD670 and Asus RS720A-E11-RS24U servers. Eclypsium researchers identified that versions of MegaRAC as recent as August 2024 are affected by this authentication bypass vulnerability.

Their investigation revealed that the flaw exists in the host-interface-support-module.lua file within the firmware filesystem, allowing attackers to manipulate HTTP header values to circumvent security controls. The code uses a regular expression that extracts everything up to the first colon, meaning that if an attacker sends “169.254.0.17:” as input, the system extracts “169.254.0.17”, which matches database values and bypasses authentication.

Successful exploitation could allow attackers to gain complete remote control of compromised servers, deploy malware or ransomware, tamper with firmware, physically damage hardware through over-voltage conditions, or create indefinite reboot loops that victims cannot recover from without re-provisioning. The severity of this vulnerability cannot be overstated, with CVSS scores of 10.0 (CVSSv3) and 10.0 (CVSSv4) when Redfish is directly exposed to the internet. According to security analyses, approximately 1,000 exposed instances were discovered on the public internet through Shodan searches.

Organizations are advised to ensure remote management interfaces are not exposed externally and to perform regular firmware updates on all servers.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience in cyber security, he covers Cyber Security News, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 19 Mar 2025 15:16:14 +0000
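The parsing flaw described in the article, modelled as an added example (not AMI's code, which is Lua, and not taken from the researchers' write-up): a check that trusts whatever precedes the first colon of a client-supplied header, beside a stricter form. The regex is a reconstruction from the article's description; the function names, the `peer_addr` parameter and the idea of tying the decision to the socket peer are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed stand-in for the host-interface address the article says is
# stored in the BMC database (value taken from the article's example).
TRUSTED_HOST_INTERFACE = {"169.254.0.17"}

# Assumed reconstruction of the described behaviour: capture everything up
# to the first colon. This is not AMI's actual pattern.
UP_TO_FIRST_COLON = re.compile(r"^([^:]*):")


def weak_is_host_interface(header_value: str) -> bool:
    """Trusts the text before the first colon of a client-supplied header."""
    m = UP_TO_FIRST_COLON.match(header_value)
    return bool(m) and m.group(1) in TRUSTED_HOST_INTERFACE


def parse_host_port(value: str):
    """Strictly parse 'IPv4' or 'IPv4:port'; return (ip, port) or None."""
    host, sep, port = value.partition(":")
    try:
        ip = ipaddress.IPv4Address(host)
    except ValueError:
        return None
    if not sep:
        return ip, None
    # A trailing colon with no port, or a non-numeric port, is malformed.
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65535):
        return None
    return ip, int(port)


def strict_is_host_interface(header_value: str, peer_addr: str) -> bool:
    """Require a well-formed header AND an allowlisted socket peer.

    The header is attacker-controlled, so the decision rests on peer_addr,
    the address the connection actually came from (hypothetical parameter).
    """
    parsed = parse_host_port(header_value)
    if parsed is None:
        return False
    try:
        peer = ipaddress.IPv4Address(peer_addr)
    except ValueError:
        return False
    return parsed[0] == peer and str(peer) in TRUSTED_HOST_INTERFACE
```

The point for firmware reviewers is that an identity claim carried in a request header can never substitute for the transport-level source address, however carefully the header is parsed.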

