Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
2023-07-20 16:56

Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware.

"These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser permissions," Eclypsium researchers Vlad Babkin and Scott Scheferman said in a report shared with The Hacker News.

"They can be exploited by remote attackers having access to Redfish remote management interfaces, or from a compromised host operating system."

The vulnerabilities are the latest additions to a set of bugs affecting AMI MegaRAC BMCs that have been cumulatively named BMC&C, some of which were disclosed by the firmware security company in December 2022 and February 2023.

"As such these vulnerabilities can pose a risk to servers and hardware that an organization owns directly as well as the hardware that supports the cloud services that they use."


News URL

https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
BMC 24 3 21 14 7 45
AMI 5 0 6 26 6 38