PT-2025-10756 · Ami · Ami Spx
Published 2025-03-11 · Updated 2025-11-10 · CVE-2024-54085
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
AMI MegaRAC SPx versions prior to 2024-08-27
ASUS PRO WS W790E-SAGE SE version prior to 1.1.57
ASUS PRO WS W680M-ACE SE version prior to 1.1.21
ASUS PRO WS WRX90E-SAGE SE version prior to 2.1.28
ASUS Pro WS WRX80E-SAGE SE WIFI version prior to 1.34.0
Description
A critical authentication bypass vulnerability exists in AMI MegaRAC SPx firmware, specifically within the Baseboard Management Controller (BMC). This flaw allows a remote attacker to bypass authentication through the Redfish Host Interface, potentially gaining full control of the server. Successful exploitation could lead to a loss of confidentiality, integrity, and availability of the affected system. The vulnerability is actively being exploited and has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Over 1,000 servers are reported to be exposed online. Attackers can potentially deploy malware, tamper with firmware, brick motherboards, cause indefinite reboot loops, or even inflict physical damage to the hardware. The vulnerability affects numerous vendors, including HPE, Asus, and ASRock. The Redfish interface is the entry point for exploitation.
Recommendations
For AMI MegaRAC SPx versions prior to 2024-08-27, apply the available patch released by AMI.
For ASUS PRO WS W790E-SAGE SE versions prior to 1.1.57, update to version 1.1.57.
For ASUS PRO WS W680M-ACE SE versions prior to 1.1.21, update to version 1.1.21.
For ASUS PRO WS WRX90E-SAGE SE versions prior to 2.1.28, update to version 2.1.28.
For ASUS Pro WS WRX80E-SAGE SE WIFI versions prior to 1.34.0, update to version 1.34.0.
Isolate BMC interfaces from external networks to minimize the risk of exploitation.
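A fleet-inventory check against the fixed versions listed above, added here as an example (it is not code from the advisory, AMI, or ASUS). The product labels are taken from this page; the hostnames and installed versions are constructed. It also shows why firmware versions must be compared numerically rather than as strings.

```python
"""Check a BMC firmware inventory against the fixed builds in this advisory.
Added example; the inventory rows below are constructed, not real hosts."""
from datetime import date

# First fixed build per product, as stated in the advisory. AMI's SPx line is
# identified by a build date; the ASUS boards use dotted version numbers.
FIXED = {
    "AMI MegaRAC SPx": date(2024, 8, 27),
    "ASUS PRO WS W790E-SAGE SE": (1, 1, 57),
    "ASUS PRO WS W680M-ACE SE": (1, 1, 21),
    "ASUS PRO WS WRX90E-SAGE SE": (2, 1, 28),
    "ASUS Pro WS WRX80E-SAGE SE WIFI": (1, 34, 0),
}

def parse_version(product, raw):
    """Normalise a raw firmware string into something comparable with FIXED.
    Dotted versions become int tuples: a plain string compare would rank
    "1.9.2" above "1.34.0" and wrongly report that host as patched."""
    raw = raw.strip()
    if isinstance(FIXED[product], date):
        return date.fromisoformat(raw)                # e.g. "2024-06-01"
    return tuple(int(p) for p in raw.split("."))      # "1.1.50" -> (1, 1, 50)

def is_affected(product, raw_version):
    """True when the installed build predates the first fixed build.
    Products outside this advisory return None: unknown, not 'safe'."""
    if product not in FIXED:
        return None
    return parse_version(product, raw_version) < FIXED[product]

def triage(inventory):
    """Hostnames that still need the update, per the recommendations above."""
    return sorted(h for h, prod, ver in inventory if is_affected(prod, ver))

# Constructed sample inventory: (hostname, product, installed firmware).
SAMPLE_INVENTORY = [
    ("bmc-01.example.test", "AMI MegaRAC SPx", "2024-06-01"),
    ("bmc-02.example.test", "AMI MegaRAC SPx", "2024-08-27"),
    ("bmc-03.example.test", "ASUS PRO WS W790E-SAGE SE", "1.1.50"),
    ("bmc-04.example.test", "ASUS PRO WS W680M-ACE SE", "1.1.21"),
    ("bmc-05.example.test", "ASUS Pro WS WRX80E-SAGE SE WIFI", "1.9.2"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update required")
```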
Fix
Weakness Enumeration
Authentication Bypass by Spoofing
Related Identifiers
Affected Products
Ami Spx