Critical AMI MegaRAC bugs can let hackers brick vulnerable servers (Security News, July 2023)

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller software made by hardware and software company American Megatrends International.
MegaRAC BMC provides admins with "Out-of-band" and "Lights-out" remote system management capabilities, enabling them to troubleshoot servers as if they were physically in front of the devices.
By combining these vulnerabilities, a remote attacker with network access to the BMC management interface and lacking BMC credentials can gain remote code execution on servers running vulnerable firmware.
In December 2022 and January 2023, Eclypsium disclosed five more MegaRAC BMC vulnerabilities that could be exploited to hijack, brick, or remotely infect compromised servers with malware.