
Critical AMI MegaRAC Vulnerability: Helping Houston Businesses Understand CVE-2024-54085
Authentication Bypass Alert: Protecting Your Servers from MegaRAC Exploits
Security researchers at Eclypsium have disclosed a critical vulnerability in American Megatrends International’s (AMI) MegaRAC Baseboard Management Controller (BMC) firmware. Tracked as CVE-2024-54085, it is an authentication bypass in the BMC’s remote management interface, and because a BMC sits beneath the host operating system with control over power, firmware and console, a bypass there is a direct threat to server infrastructure across many organizations. In this blog post, we’ll explain what the vulnerability is, what an attacker can do with it, and the steps organizations should take to protect their systems.
What is the AMI MegaRAC BMC?
The MegaRAC BMC firmware provides “lights-out” and “out-of-band” remote system management, letting administrators power-cycle, reimage, update firmware on, and troubleshoot servers remotely as if they were physically in front of them. It runs on its own processor independently of the host operating system, so it keeps working when the host is off or unbootable, and it is reachable over its own network interface and over an internal host-to-BMC channel. The firmware is widely used by over a dozen server vendors that supply equipment to many cloud service and data center providers, including HPE, Asus, ASRock, and others.
Understanding CVE-2024-54085
CVE-2024-54085 is an authentication bypass vulnerability in AMI’s MegaRAC BMC firmware. Security researchers at Eclypsium discovered it while analyzing the patches AMI had issued for a previous Redfish authentication bypass (CVE-2023-34329), which means the earlier fix did not fully close the hole. The new vulnerability has been assigned the highest possible CVSS v4 score of 10.0, indicating maximum severity.
The flaw lets an unauthenticated attacker reach the BMC’s management functions through the Redfish remote management interface or through the internal host-to-BMC interface. According to Eclypsium’s analysis, the BMC’s web stack exempted requests arriving over the internal host interface from authentication, but decided which interface a request had come from by consulting an HTTP header (X-Server-Addr) that a remote client could set itself, so a crafted request from the network was treated as if it had come from the host. The attack is low complexity, needs no user interaction, and works against any reachable Redfish endpoint, which is why it received the maximum severity rating.
Potential Impact of Exploitation
If successfully exploited, CVE-2024-54085 could allow attackers to:
- Remotely control the compromised server
- Deploy malware or ransomware
- Tamper with firmware
- Brick motherboard components (BMC or potentially BIOS/UEFI)
- Cause potential server physical damage through over-voltage
- Create indefinite reboot loops that victims cannot stop
Because the BMC controls host power and keeps running while the host is down, a denial-of-service attack built on malicious reboot commands cannot be stopped from the host operating system; susceptible devices can be kept rebooting indefinitely, with downtime lasting until the devices are re-provisioned.
Affected Systems
Eclypsium has confirmed that the following systems are vulnerable to CVE-2024-54085:
- HPE Cray XD670
- Asus RS720A-E11-RS24U
- ASRockRack
However, researchers note that “there are likely to be more affected devices and/or vendors.” Using Shodan, security researchers found over 1,000 servers online that are potentially exposed to Internet attacks.
Remediation Steps
To protect against this vulnerability, organizations should:
- Apply the firmware updates released by AMI and by OEMs such as HPE and Lenovo as soon as they are available for your hardware
- Keep BMC interfaces off the Internet: place them on a dedicated management network reachable only through a VPN or jump host, and confirm with an external scan that no Redfish or BMC web interface answers from a public address
- Monitor BMC and server logs for unexpected Redfish sessions, firmware updates, power-cycle commands, and logins from unfamiliar addresses
- Plan for downtime: patching BMC firmware requires a maintenance window for the affected server
AMI released patches to address the flaw on March 11, 2025, and HPE and Lenovo have already released security updates for their products that integrate AMI’s fix. Although no in-the-wild exploitation had been reported at the time of disclosure, CISA later (June 2025) added CVE-2024-54085 to its Known Exploited Vulnerabilities catalog, so downstream users should treat the update as urgent and apply it as soon as their OEM vendors incorporate the fix and release it to customers.
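Two of the remediation steps above, confirming which BMCs still run pre-fix firmware and confirming that none sit outside the management network, can be checked from the standard Redfish Manager resource. The script below is an added example, not vendor tooling: the inventory, model names, fixed-version table and management subnet are all constructed placeholders, and in practice the per-BMC records would come from an authenticated GET of `/redfish/v1/Managers/<id>` rather than being embedded.

```python
"""
Audit a fleet's BMC patch status and network placement from Redfish Manager data.
Added example, not vendor tooling. In practice the per-BMC dictionaries below
would be fetched from GET /redfish/v1/Managers/<id> with proper credentials;
here they are constructed so the script runs offline.
"""
import ipaddress
import re
from typing import Dict, List, Tuple

# Constructed inventory: BMC name -> address plus the two standard Redfish Manager
# properties this audit needs (Model, FirmwareVersion). Model names are made up.
INVENTORY: Dict[str, dict] = {
    "bmc-rack1-01": {"address": "10.20.0.11", "Model": "ExampleBMC-X1", "FirmwareVersion": "2.02.00"},
    "bmc-rack1-02": {"address": "10.20.0.12", "Model": "ExampleBMC-X1", "FirmwareVersion": "2.05.00"},
    "bmc-edge-07":  {"address": "10.99.5.40", "Model": "ExampleBMC-X1", "FirmwareVersion": "2.02.00"},
    "bmc-lab-03":   {"address": "10.20.0.31", "Model": "OtherBMC",      "FirmwareVersion": "7.1"},
}

# Hypothetical minimum fixed firmware per model. Replace with the versions named
# in your OEM's advisory for CVE-2024-54085.
FIXED_VERSIONS: Dict[str, str] = {"ExampleBMC-X1": "2.05.00"}

# Assumed dedicated management network; a BMC addressed anywhere else is a finding.
MANAGEMENT_NET = ipaddress.ip_network("10.20.0.0/24")


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.05.00' -> (2, 5, 0). Numeric fields only; vendor suffixes are ignored."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def patch_status(model: str, firmware: str) -> str:
    fixed = FIXED_VERSIONS.get(model)
    if fixed is None:
        return "unknown-model"  # needs a manual check against the vendor's list
    return "ok" if parse_version(firmware) >= parse_version(fixed) else "update-required"


def outside_management_network(address: str) -> bool:
    return ipaddress.ip_address(address) not in MANAGEMENT_NET


def audit(inventory: Dict[str, dict]) -> List[dict]:
    """One finding per BMC: patch status and whether it sits off the management network."""
    return [
        {
            "bmc": name,
            "model": info["Model"],
            "firmware": info["FirmwareVersion"],
            "status": patch_status(info["Model"], info["FirmwareVersion"]),
            "misplaced": outside_management_network(info["address"]),
        }
        for name, info in inventory.items()
    ]


def priority_list(inventory: Dict[str, dict]) -> List[str]:
    """BMCs that still need the fix, the ones off the management network first."""
    due = [f for f in audit(inventory) if f["status"] == "update-required"]
    due.sort(key=lambda f: (not f["misplaced"], f["bmc"]))
    return [f["bmc"] for f in due]


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
    print("patch order:", priority_list(INVENTORY))
```

A model that is not in the fixed-version table is reported as unknown-model rather than silently marked ok, because a missing entry is exactly the case where someone needs to read the OEM advisory; and a BMC that is both unpatched and outside the management network goes to the top of the patch order, since it is the one an Internet-facing or lateral-moving attacker reaches first.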
How CinchOps Can Help Secure Your Business
At CinchOps, we understand the critical nature of vulnerabilities like CVE-2024-54085 and the challenges organizations face in maintaining secure infrastructure. Our comprehensive security services can help your business:
- Conduct thorough vulnerability assessments to identify and prioritize critical security issues
- Implement robust patch management processes to ensure timely updates
- Provide continuous monitoring of your server infrastructure for suspicious activities
- Develop and execute incident response plans in case of security breaches
- Offer expert guidance on secure configuration practices for server management interfaces
Discover more about our enterprise-grade, business-protecting cybersecurity services on our Cybersecurity page.
Contact CinchOps today to learn how our security experts can help protect your business against threats like CVE-2024-54085 and ensure the integrity and availability of your server infrastructure.