Critical AMI MegaRAC bugs can let hackers brick vulnerable servers (Security News, July 2023)
Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller software made by hardware and software company American Megatrends International.
MegaRAC BMC gives administrators "out-of-band" and "lights-out" remote management capabilities, letting them troubleshoot servers as if they were physically in front of the devices.
By chaining these vulnerabilities, a remote attacker with network access to the BMC management interface, and without any BMC credentials, can gain remote code execution on servers running vulnerable firmware.
In December 2022 and January 2023, Eclypsium disclosed five more MegaRAC BMC vulnerabilities that could be exploited to hijack, brick, or remotely infect compromised servers with malware.