Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware.
"These new vulnerabilities range in severity from High to Critical, including unauthenticated remote code execution and unauthorized device access with superuser permissions," Eclypsium researchers Vlad Babkin and Scott Scheferman said in a report shared with The Hacker News.
"They can be exploited by remote attackers having access to Redfish remote management interfaces, or from a compromised host operating system."
The vulnerabilities are the latest additions to a set of bugs affecting AMI MegaRAC BMCs that have been cumulatively named BMC&C, some of which were disclosed by the firmware security company in December 2022 and February 2023.
"As such these vulnerabilities can pose a risk to servers and hardware that an organization owns directly as well as the hardware that supports the cloud services that they use."
News URL
https://thehackernews.com/2023/07/critical-flaws-in-ami-megarac-bmc.html