A newly discovered vulnerability in AMI’s baseboard management controller firmware poses a severe risk to millions of servers worldwide. Security researchers at Eclypsium found that this flaw allows attackers to gain remote control of vulnerable systems, potentially causing irreversible hardware damage.
Eclypsium, known for its in-depth analysis of BMC security, has warned about these risks before. In 2023, they revealed two major flaws in AMI’s MegaRAC BMC that exposed countless devices to takeovers and even physical destruction. Now, researchers have reported a new vulnerability labeled CVE-2024-54085, which closely resembles the previously disclosed CVE-2023-34329. Although the two share similarities, it is still unclear whether the new issue stems from incomplete patching or represents an entirely different flaw. This uncertainty only adds to the growing concern within the tech community.
The baseboard management controller, commonly known as BMC, serves a vital role in server maintenance. It allows administrators to remotely monitor systems, update firmware, and even install operating systems. Because of its core function, any breach could grant attackers unfettered access to the server’s deepest controls.
AMI’s MegaRAC BMC is embedded in millions of devices from leading manufacturers such as Dell, Asus, Lenovo, HPE, Arm, Nvidia, Huawei, and Gigabyte. This wide adoption amplifies the potential impact of the newly found flaw. According to Eclypsium, devices from HPE, Asus, Asrock, and Lenovo are confirmed to be vulnerable. Although AMI has released patches addressing this issue, the responsibility to distribute these updates now falls on the original equipment manufacturers. Until these patches reach end-users, millions of servers remain exposed to attacks.
The vulnerability targets the Redfish management interface, which is designed to streamline server monitoring. By exploiting this flaw, attackers can bypass authentication, gaining full control of the affected machines. This level of access allows them to deploy malware, alter the firmware, or even damage hardware components.
Worse still, attackers can manipulate voltage settings, potentially destroying critical motherboard parts. In shared environments like data centers, the attack could escalate further. Eclypsium explains that hackers might push malicious commands across every BMC in the same management network, forcing devices into endless reboot cycles. Once triggered, these reboots would continue indefinitely, causing unrecoverable downtime until every affected device is re-provisioned.
To illustrate the scale of exposure, Eclypsium scanned the internet using Shodan and discovered over 1,000 MegaRAC instances that are publicly accessible and vulnerable. However, many more systems are likely at risk from attackers with local or internal network access.
Given the gravity of the situation, data centers and IT teams should act quickly. They need to check advisories from AMI, Lenovo, HPE, and Asus and apply any available patches without delay. Limiting external access to BMC interfaces is also essential. Administrators should review network traffic closely and watch for any signs of abnormal BMC activity.
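As an added illustration of the traffic review recommended above (not code from Eclypsium or AMI), the following sketch flags Redfish requests that originate outside the management network and single sources that reset many BMCs. The log format, the `10.20.0.0/24` management subnet, the threshold, and the sample lines are assumptions constructed for this example; the reset path is the standard Redfish `ComputerSystem.Reset` action.

```python
import ipaddress
from collections import defaultdict

# Assumed values for this sketch: the management subnet and the alert threshold.
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")
RESET_FANOUT_THRESHOLD = 3  # distinct BMCs reset by one source

# Constructed sample: "timestamp src_ip bmc_ip method path status" per line,
# as a reverse proxy or flow sensor in front of the BMC network might log it.
SAMPLE_LOG = """\
2025-01-01T10:00:00Z 10.20.0.5 10.20.0.101 GET /redfish/v1/Systems 200
2025-01-01T10:00:05Z 203.0.113.7 10.20.0.101 GET /redfish/v1/Managers 200
2025-01-01T10:01:00Z 10.20.0.44 10.20.0.101 POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset 204
2025-01-01T10:01:01Z 10.20.0.44 10.20.0.102 POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset 204
2025-01-01T10:01:02Z 10.20.0.44 10.20.0.103 POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset 204
2025-01-01T10:02:00Z 10.20.0.5 10.20.0.102 POST /redfish/v1/Systems/1/Actions/ComputerSystem.Reset 204
not a log line
"""

def parse(log_text):
    """Yield (src, bmc, method, path, status) for well-formed Redfish requests."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[4].startswith("/redfish/"):
            continue
        try:
            src = ipaddress.ip_address(parts[1])
            status = int(parts[5])
        except ValueError:
            continue  # skip malformed addresses or status codes
        yield src, parts[2], parts[3], parts[4], status

def analyze(log_text, mgmt_net=MGMT_NET, threshold=RESET_FANOUT_THRESHOLD):
    """Return (off_network_hits, reset_fanout) findings for the given log."""
    off_network = []
    resets = defaultdict(set)  # source -> set of BMCs it reset
    for src, bmc, method, path, status in parse(log_text):
        if src not in mgmt_net:
            off_network.append((str(src), bmc, path, status))
        if method == "POST" and path.endswith("/Actions/ComputerSystem.Reset") and status < 400:
            resets[str(src)].add(bmc)
    fanout = {s: sorted(b) for s, b in resets.items() if len(b) >= threshold}
    return off_network, fanout

if __name__ == "__main__":
    hits, fanout = analyze(SAMPLE_LOG)
    print("Redfish requests from outside the management network:", hits)
    print("Sources resetting many BMCs:", fanout)
```

A source inside the management subnet that resets several BMCs may be a legitimate orchestration host, so the fan-out finding is a prompt for review against known automation, not a verdict.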
Ignoring this vulnerability could leave critical systems open to devastating attacks. The possibility of malware deployment, permanent hardware damage, and prolonged service outages makes immediate action non-negotiable. Securing these systems is not just about preventing data loss—it’s about protecting the physical infrastructure that powers modern digital services.
For more technical insights, readers can explore detailed research published by Eclypsium or review the CVE entry for a full breakdown of the vulnerability. Keeping firmware updated and isolating management interfaces from external access points will significantly reduce the risk of exploitation.