Critical AMI MegaRAC bugs can let hackers brick vulnerable servers (Security News, July 2023)

Two new critical severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller software made by hardware and software company American Megatrends International.
MegaRAC BMC provides admins with "Out-of-band" and "Lights-out" remote system management capabilities, enabling them to troubleshoot servers as if they were physically in front of the devices.
By combining these vulnerabilities, a remote attacker with network access to the BMC management interface and lacking BMC credentials can gain remote code execution on servers running vulnerable firmware.
In December 2022 and January 2023, Eclypsium disclosed five more MegaRAC BMC vulnerabilities that could be exploited to hijack, brick, or remotely infect compromised servers with malware.