AMI has disclosed a critical vulnerability, CVE-2024-54085, with a CVSS score of 10.0. This vulnerability allows attackers to gain remote access and execute malicious commands. Continue reading this Cybersecurity Threat Advisory to learn how to mitigate your risk.
What is the threat?
A recently discovered authentication bypass vulnerability in the Redfish API of the AMI MegaRAC Baseboard Management Controller (BMC) poses a serious risk to server security. This flaw allows attackers to remotely access the BMC, enabling them to perform malicious activities like deploying malware or modifying firmware.
Why is it noteworthy?
Major server manufacturers such as HPE, Lenovo, and ASUS use the MegaRAC BMC, so many servers in data centers, as well as those in companies running their own server farms, are at risk. If successfully exploited, attackers can gain remote access, execute malicious commands, potentially damage server hardware, and compromise other BMCs on the same network.
What is the exposure or risk?
This authentication bypass vulnerability poses a critical risk to server environments. With unauthorized access, attackers can deploy ransomware, manipulate firmware, and potentially cause systems to crash or become inaccessible, leading to costly downtime, hardware replacement expenses, and significant security breaches. Because many BMCs are exposed to the Internet, they are prime targets for remote attacks. Organizations must take immediate action to secure their BMC interfaces and prevent exploitation.
What are the recommendations?
Barracuda recommends the following actions to mitigate risk:
- Update all server software and BMC firmware, especially on HPE, ASUS, ASRockRack, and Lenovo systems.
- Restrict access to the BMC interfaces, including Redfish, to only those users and systems that absolutely require it.
- Implement network segmentation to isolate BMCs from the public internet and limit exposure to potential attackers.
- Utilize strong passwords for BMC accounts and enable multi-factor authentication (MFA) where possible.
- Set up logging and monitoring for BMC activities to detect unusual behavior or unauthorized access attempts. Regularly review logs for signs of compromise or unexpected behavior, such as account creation.
- Create and regularly update an incident response plan that includes specific procedures for addressing vulnerabilities in BMCs. Ensure that all relevant personnel are trained on the plan and understand their roles in the event of a security incident.
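As an added example (not part of the advisory or any vendor tooling), a small Python triage script in the spirit of the logging and segmentation recommendations above. It reads a constructed BMC access log (the line format and the 10.20.0.0/24 management subnet are assumptions for the example; the Redfish resource paths are the standard DMTF ones) and flags any client outside the management network, as well as successful writes to the account service, the firmware update service, or the manager reset action.

```python
import ipaddress
import re
# Constructed sample BMC web-server access log (the format is an assumption, not
# real MegaRAC output): client IP, HTTP method, Redfish path, HTTP status code.
SAMPLE_LOG = """\
10.20.0.5 POST /redfish/v1/SessionService/Sessions 201
10.20.0.5 GET /redfish/v1/Managers/1 200
203.0.113.9 POST /redfish/v1/AccountService/Accounts 201
203.0.113.9 PATCH /redfish/v1/AccountService/Accounts/3 200
203.0.113.9 POST /redfish/v1/UpdateService/Actions/UpdateService.SimpleUpdate 202
10.20.0.7 GET /redfish/v1/Systems/1 200
"""
# Networks allowed to reach the BMC (assumed management subnet for this example).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Standard DMTF Redfish resources whose successful modification deserves review.
SENSITIVE = [
    (re.compile(r"^/redfish/v1/AccountService/Accounts"), "account change"),
    (re.compile(r"^/redfish/v1/UpdateService/"), "firmware update"),
    (re.compile(r"^/redfish/v1/Managers/[^/]+/Actions/Manager\.Reset"), "BMC reset"),
]
MUTATING = {"POST", "PATCH", "PUT", "DELETE"}
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d{3})$")

def parse_line(line):
    m = LINE_RE.match(line.strip())  # None for lines that do not fit the format
    if not m:
        return None
    ip, method, path, status = m.groups()
    return {"ip": ip, "method": method, "path": path, "status": int(status)}

def triage(log_text):
    """Return (ip, reason, path) findings: clients outside the management
    network (reported once per IP) and successful writes to sensitive resources."""
    findings, flagged_ips = [], set()
    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        addr = ipaddress.ip_address(ev["ip"])
        if ev["ip"] not in flagged_ips and not any(addr in n for n in ALLOWED_NETS):
            flagged_ips.add(ev["ip"])
            findings.append((ev["ip"], "request from outside management network", ev["path"]))
        if ev["method"] in MUTATING and 200 <= ev["status"] < 300:
            for pattern, label in SENSITIVE:
                if pattern.match(ev["path"]):
                    findings.append((ev["ip"], label, ev["path"]))
    return findings

for ip, reason, path in triage(SAMPLE_LOG):
    print(f"{ip}: {reason} ({path})")
```

On the sample log this reports four findings, all from 203.0.113.9: one out-of-network alert plus two account changes and one firmware update.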
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.