A critical flaw (CVE-2024-54085) affects the MegaRAC Baseboard Management Controller (BMC) software, used by several hardware vendors. The vulnerability can allow an attacker to fully control the server and cause physical damage.
π§ Remediation Steps: ASUS has released crucial firmware updates. Update your BMC firmware ASAP when available
#cybersecurity #MegaRAC #vulnerabilitymanagement
Read more: https://www.bleepingcomputer.com/news/security/asus-releases-fi
MegaRAC has a critical flaw allowing hackers to bypass authentication and take full control of servers.
#cybersecurity #authentication #MegaRAC #hacking
https://cnews.link/critical-flaw-affect-server-remote-management-megarac-1/
Critical #AMI #MegaRAC bug can let attackers hijack, brick #servers
MegaRAC #BMC provides "lights-out" and "out-of-band" remote system management capabilities that help admins troubleshoot servers as if they were physically in front of the devices. The firmware is used by over a dozen #server vendors that provide equipment to many cloud service and #datacenter providers, including #HPE, #Asus, #ASRock, and others.
https://www.bleepingcomputer.com/news/security/critical-ami-megarac-bug-can-let-attackers-hijack-brick-servers/
ΠΠ΅Π΄Π°Π²Π½ΠΎ Π±ΡΠ»Π° ΠΎΠ±Π½Π°ΡΡΠΆΠ΅Π½Π° ΠΊΡΠΈΡΠΈΡΠ΅ΡΠΊΠ°Ρ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΡ Π² ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌΠ½ΠΎΠΌ ΠΎΠ±Π΅ΡΠΏΠ΅ΡΠ΅Π½ΠΈΠΈ MegaRAC Baseboard Management Controller (BMC) ΠΎΡ American Megatrends International (AMI), ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌΠΎΠΌ Π² ΡΠ΅ΡΠ²Π΅ΡΠ°Ρ
ΡΠ°ΠΊΠΈΡ
ΠΏΡΠΎΠΈΠ·Π²ΠΎΠ΄ΠΈΡΠ΅Π»Π΅ΠΉ, ΠΊΠ°ΠΊ HPE, Asus ΠΈ ASRock.
**ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ:**
Π£ΡΠ·Π²ΠΈΠΌΠΎΡΡΡ, ΠΏΠΎΠ»ΡΡΠΈΠ²ΡΠ°Ρ ΠΈΠ΄Π΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΎΡ CVE-2024-54085, ΠΏΠΎΠ·Π²ΠΎΠ»ΡΠ΅Ρ ΡΠ΄Π°Π»ΡΠ½Π½ΡΠΌ Π½Π΅Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΡΠΈΡΠΎΠ²Π°Π½Π½ΡΠΌ Π·Π»ΠΎΡΠΌΡΡΠ»Π΅Π½Π½ΠΈΠΊΠ°ΠΌ ΠΏΠΎΠ»ΡΡΠΈΡΡ ΠΏΠΎΠ»Π½ΡΠΉ ΠΊΠΎΠ½ΡΡΠΎΠ»Ρ Π½Π°Π΄ ΡΡΠ·Π²ΠΈΠΌΡΠΌΠΈ ΡΠ΅ΡΠ²Π΅ΡΠ°ΠΌΠΈ. ΠΡΠ°ΠΊΠ° ΠΌΠΎΠΆΠ΅Ρ Π±ΡΡΡ ΠΎΡΡΡΠ΅ΡΡΠ²Π»Π΅Π½Π° ΡΠ΅ΡΠ΅Π· ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΡ ΡΠ΄Π°Π»ΡΠ½Π½ΠΎΠ³ΠΎ ΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΡ, ΡΠ°ΠΊΠΈΠ΅ ΠΊΠ°ΠΊ Redfish, ΠΈ Π½Π΅ ΡΡΠ΅Π±ΡΠ΅Ρ ΡΠ»ΠΎΠΆΠ½ΡΡ
ΡΠ΅Ρ
Π½ΠΈΡΠ΅ΡΠΊΠΈΡ
Π½Π°Π²ΡΠΊΠΎΠ² ΠΈΠ»ΠΈ Π²Π·Π°ΠΈΠΌΠΎΠ΄Π΅ΠΉΡΡΠ²ΠΈΡ Ρ ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»Π΅ΠΌ.
**ΠΠΎΠ·ΠΌΠΎΠΆΠ½ΡΠ΅ ΠΏΠΎΡΠ»Π΅Π΄ΡΡΠ²ΠΈΡ ΡΠΊΡΠΏΠ»ΡΠ°ΡΠ°ΡΠΈΠΈ:**
- Π£Π΄Π°Π»ΡΠ½Π½ΠΎΠ΅ ΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΠ΅ ΡΠ΅ΡΠ²Π΅ΡΠΎΠΌ, Π²ΠΊΠ»ΡΡΠ°Ρ ΡΠ°Π·Π²ΡΡΡΡΠ²Π°Π½ΠΈΠ΅ Π²ΡΠ΅Π΄ΠΎΠ½ΠΎΡΠ½ΠΎΠ³ΠΎ ΠΠ ΠΈΠ»ΠΈ ΠΏΡΠΎΠ³ΡΠ°ΠΌΠΌ-Π²ΡΠΌΠΎΠ³Π°ΡΠ΅Π»Π΅ΠΉ.
- ΠΠΎΠ΄ΠΈΡΠΈΠΊΠ°ΡΠΈΡ ΠΏΡΠΎΡΠΈΠ²ΠΊΠΈ, ΡΡΠΎ ΠΌΠΎΠΆΠ΅Ρ ΠΏΡΠΈΠ²Π΅ΡΡΠΈ ΠΊ ΠΏΠΎΠ²ΡΠ΅ΠΆΠ΄Π΅Π½ΠΈΡ ΠΊΠΎΠΌΠΏΠΎΠ½Π΅Π½ΡΠΎΠ² ΠΌΠ°ΡΠ΅ΡΠΈΠ½ΡΠΊΠΎΠΉ ΠΏΠ»Π°ΡΡ, ΡΠ°ΠΊΠΈΡ
ΠΊΠ°ΠΊ BMC ΠΈΠ»ΠΈ BIOS/UEFI.
- Π€ΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΎΠ΅ ΠΏΠΎΠ²ΡΠ΅ΠΆΠ΄Π΅Π½ΠΈΠ΅ ΡΠ΅ΡΠ²Π΅ΡΠ°, Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, ΡΠ΅ΡΠ΅Π· ΡΠΎΠ·Π΄Π°Π½ΠΈΠ΅ ΡΡΠ»ΠΎΠ²ΠΈΠΉ ΠΏΠ΅ΡΠ΅Π½Π°ΠΏΡΡΠΆΠ΅Π½ΠΈΡ ΠΈΠ»ΠΈ ΠΏΠΎΡΡΠΎΡΠ½Π½ΡΠ΅ ΡΠΈΠΊΠ»Ρ ΠΏΠ΅ΡΠ΅Π·Π°Π³ΡΡΠ·ΠΊΠΈ, ΠΊΠΎΡΠΎΡΡΠ΅ Π½Π΅Π²ΠΎΠ·ΠΌΠΎΠΆΠ½ΠΎ ΠΎΡΡΠ°Π½ΠΎΠ²ΠΈΡΡ Π±Π΅Π· ΡΠΈΠ·ΠΈΡΠ΅ΡΠΊΠΎΠ³ΠΎ Π²ΠΌΠ΅ΡΠ°ΡΠ΅Π»ΡΡΡΠ²Π°.
**Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°ΡΠΈΠΈ:**
ΠΠ΄ΠΌΠΈΠ½ΠΈΡΡΡΠ°ΡΠΎΡΠ°ΠΌ ΠΈ Π²Π»Π°Π΄Π΅Π»ΡΡΠ°ΠΌ ΡΠ΅ΡΠ²Π΅ΡΠΎΠ² ΡΠ΅ΠΊΠΎΠΌΠ΅Π½Π΄ΡΠ΅ΡΡΡ:
- ΠΠ³ΡΠ°Π½ΠΈΡΠΈΡΡ Π΄ΠΎΡΡΡΠΏ ΠΊ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ°ΠΌ ΡΠ΄Π°Π»ΡΠ½Π½ΠΎΠ³ΠΎ ΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΡ (Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, Redfish) ΡΠΎΠ»ΡΠΊΠΎ Π΄ΠΎΠ²Π΅ΡΠ΅Π½Π½ΡΠΌ ΡΠ΅ΡΡΠΌ.
- Π Π΅Π³ΡΠ»ΡΡΠ½ΠΎ ΠΎΠ±Π½ΠΎΠ²Π»ΡΡΡ ΠΏΡΠΎΡΠΈΠ²ΠΊΠΈ BMC Π΄ΠΎ ΠΏΠΎΡΠ»Π΅Π΄Π½ΠΈΡ
Π²Π΅ΡΡΠΈΠΉ, ΡΠΎΠ΄Π΅ΡΠΆΠ°ΡΠΈΡ
ΠΈΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΡ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ.
- ΠΠΎΠ½ΠΈΡΠΎΡΠΈΡΡ ΡΠ΅ΡΠ΅Π²ΠΎΠΉ ΡΡΠ°ΡΠΈΠΊ Π½Π° ΠΏΡΠ΅Π΄ΠΌΠ΅Ρ ΠΏΠΎΠ΄ΠΎΠ·ΡΠΈΡΠ΅Π»ΡΠ½ΠΎΠΉ Π°ΠΊΡΠΈΠ²Π½ΠΎΡΡΠΈ, ΡΠ²ΡΠ·Π°Π½Π½ΠΎΠΉ Ρ BMC.
ΠΠ»Ρ ΠΏΠΎΠ»ΡΡΠ΅Π½ΠΈΡ Π΄ΠΎΠΏΠΎΠ»Π½ΠΈΡΠ΅Π»ΡΠ½ΠΎΠΉ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ ΠΈ ΡΠ΅Ρ
Π½ΠΈΡΠ΅ΡΠΊΠΈΡ
Π΄Π΅ΡΠ°Π»Π΅ΠΉ ΡΠ΅ΠΊΠΎΠΌΠ΅Π½Π΄ΡΠ΅ΡΡΡ ΠΎΠ·Π½Π°ΠΊΠΎΠΌΠΈΡΡΡΡ Ρ ΠΏΠΎΠ»Π½ΡΠΌ ΠΎΡΡΡΡΠΎΠΌ ΠΊΠΎΠΌΠΏΠ°Π½ΠΈΠΈ Eclypsium.
**Bleeping Computer** β *Critical AMI MegaRAC bug can let attackers hijack, brick servers*
ΠΡΡΠΎΡΠ½ΠΈΠΊ
**Eclypsium** β ΠΡΡΠ»Π΅Π΄ΠΎΠ²Π°Π½ΠΈΠ΅ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ Π² MegaRAC BMC (ΠΎΡΠΈΡΠΈΠ°Π»ΡΠ½ΡΠΉ ΠΎΡΡΡΡ)
ΠΡΡΠΎΡΠ½ΠΈΠΊ
**NIST National Vulnerability Database (NVD)** β ΠΠ°ΠΏΠΈΡΡ ΠΎ CVE-2024-54085
ΠΡΡΠΎΡΠ½ΠΈΠΊ
**Hewlett Packard Enterprise (HPE) Security Advisories** β Π‘ΠΎΠΎΠ±ΡΠ΅Π½ΠΈΡ ΠΎ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΡΡΠΈ ΡΠ΅ΡΠ²Π΅ΡΠ½ΡΡ
ΠΏΡΠΎΠ΄ΡΠΊΡΠΎΠ²
ΠΡΡΠΎΡΠ½ΠΈΠΊ
**Asus ΠΈ ASRock Security Bulletins** β ΠΠ½ΡΠΎΡΠΌΠ°ΡΠΈΡ ΠΎΠ± ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ Π² ΡΠ΅ΡΠ²Π΅ΡΠ½ΡΡ
ΠΌΠ°ΡΠ΅ΡΠΈΠ½ΡΠΊΠΈΡ
ΠΏΠ»Π°ΡΠ°Ρ
ΠΡΡΠΎΡΠ½ΠΈΠΊ (Asus)
ΠΡΡΠΎΡΠ½ΠΈΠΊ (ASRock)
**Π Π΅ΠΊΠΎΠΌΠ΅Π½Π΄Π°ΡΠΈΠΈ ΠΏΠΎ Π·Π°ΡΠΈΡΠ΅ ΠΎΡ ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΠΈ AMI MegaRAC (CVE-2024-54085)**
**ΠΠ±Π½ΠΎΠ²Π»Π΅Π½ΠΈΠ΅ ΠΏΡΠΎΡΠΈΠ²ΠΊΠΈ** β ΠΠ΅ΠΌΠ΅Π΄Π»Π΅Π½Π½ΠΎ ΠΏΡΠΎΠ²Π΅ΡΠΈΡΡ ΠΈ ΠΎΠ±Π½ΠΎΠ²ΠΈΡΡ BMC-ΠΏΡΠΎΡΠΈΠ²ΠΊΡ Π΄ΠΎ ΠΏΠΎΡΠ»Π΅Π΄Π½Π΅ΠΉ Π²Π΅ΡΡΠΈΠΈ, ΡΠΎΠ΄Π΅ΡΠΆΠ°ΡΠ΅ΠΉ ΠΈΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΡ.
**ΠΠ³ΡΠ°Π½ΠΈΡΠ΅Π½ΠΈΠ΅ Π΄ΠΎΡΡΡΠΏΠ°** β ΠΡΠΊΠ»ΡΡΠΈΡΡ ΡΠ΄Π°Π»ΡΠ½Π½ΡΠ΅ ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΡ ΡΠΏΡΠ°Π²Π»Π΅Π½ΠΈΡ (Redfish, IPMI) ΠΎΡ Π²Π½Π΅ΡΠ½ΠΈΡ
ΡΠ΅ΡΠ΅ΠΉ ΠΈ ΠΎΠ³ΡΠ°Π½ΠΈΡΠΈΡΡ Π΄ΠΎΡΡΡΠΏ ΡΠΎΠ»ΡΠΊΠΎ Π΄ΠΎΠ²Π΅ΡΠ΅Π½Π½ΡΠΌ IP-Π°Π΄ΡΠ΅ΡΠ°ΠΌ.
**ΠΠΎΠ½ΠΈΡΠΎΡΠΈΠ½Π³ Π°ΠΊΡΠΈΠ²Π½ΠΎΡΡΠΈ** β ΠΠ°ΡΡΡΠΎΠΈΡΡ Π»ΠΎΠ³ΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ ΠΈ ΠΌΠΎΠ½ΠΈΡΠΎΡΠΈΠ½Π³ ΠΏΠΎΠΏΡΡΠΎΠΊ Π½Π΅ΡΠ°Π½ΠΊΡΠΈΠΎΠ½ΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠ³ΠΎ Π΄ΠΎΡΡΡΠΏΠ° ΠΊ BMC.
**Π‘Π΅Π³ΠΌΠ΅Π½ΡΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ ΡΠ΅ΡΠΈ** β Π Π°Π·ΠΌΠ΅ΡΡΠΈΡΡ BMC Π² ΠΎΡΠ΄Π΅Π»ΡΠ½ΠΎΠΉ ΠΈΠ·ΠΎΠ»ΠΈΡΠΎΠ²Π°Π½Π½ΠΎΠΉ ΡΠ΅ΡΠΈ, Π½Π΅Π΄ΠΎΡΡΡΠΏΠ½ΠΎΠΉ ΠΈΠ· ΠΈΠ½ΡΠ΅ΡΠ½Π΅ΡΠ°.
**ΠΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°Π½ΠΈΠ΅ VPN** β ΠΡΠ»ΠΈ ΡΠ΄Π°Π»ΡΠ½Π½ΡΠΉ Π΄ΠΎΡΡΡΠΏ ΠΊ BMC Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌ, ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Π±Π΅Π·ΠΎΠΏΠ°ΡΠ½ΠΎΠ΅ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΡΠ΅ΡΠ΅Π· VPN.
**ΠΡΡΡΠΊΠ°Ρ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΡ** β ΠΠΊΠ»ΡΡΠΈΡΡ Π΄Π²ΡΡ
ΡΠ°ΠΊΡΠΎΡΠ½ΡΡ Π°ΡΡΠ΅Π½ΡΠΈΡΠΈΠΊΠ°ΡΠΈΡ (2FA) ΠΈ ΡΠΌΠ΅Π½ΠΈΡΡ ΡΡΠ°Π½Π΄Π°ΡΡΠ½ΡΠ΅ ΠΏΠ°ΡΠΎΠ»ΠΈ.
**ΠΡΠ΄ΠΈΡ ΡΡΠ·Π²ΠΈΠΌΡΡ
ΡΡΡΡΠΎΠΉΡΡΠ²** β ΠΡΠΎΠ²Π΅ΡΠΈΡΡ ΡΠΏΠΈΡΠΎΠΊ ΡΠ΅ΡΠ²Π΅ΡΠΎΠ² Π² ΠΈΠ½ΡΡΠ°ΡΡΡΡΠΊΡΡΡΠ΅, ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΡΡΠΈΡ
MegaRAC BMC, ΠΈ ΠΎΡΠ΅Π½ΠΈΡΡ ΠΈΡ
ΡΡΠ·Π²ΠΈΠΌΠΎΡΡΡ.
**Π₯ΡΡΡΠ΅Π³ΠΈ**
#CyberSecurity #Infosec #CVE202454085 #MegaRAC #BMC #ServerSecurity #Vulnerability #DataProtection #Redfish #ITSecurity #PatchNOW
Understanding the Vulnerabilities of AMI MegaRAC BMC Software
https://thedefendopsdiaries.com/understanding-the-vulnerabilities-of-ami-megarac-bmc-software/
#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, Binarly firmware security firm discovered a remotely exploitable heap out-of-bounds read vulnerability through the #Lighttpd web server processing "folded" HTTP request headers.
It was addressed in August 2018, the maintainers of Lighthttpd patched it silently in version 1.4.51 but #AMI #MegaRAC BMC to missed the fix, possibly because no #CVE was assigned.
https://www.bleepingcomputer.com/news/security/intel-and-lenovo-servers-impacted-by-6-year-old-bmc-flaw/
Teils kritische #Schwachstellen in #Adobe ColdFusion, #Citrix NetScaler ADC und Gateway sowie AMI #MegaRAC BMC-Software, Datepanne bei #VirusTotal, #Cyber Angriff auf TOMRA, aktuelle #Phishing Warnungen und neues Messaging Layer Security Protokoll #MLS.
https://www.lastbreach.de/blog/die-weekly-hacker-news-230724
The AMI MegaRAC BMC vulnerability disclosure for CVE-2022-40259 lists a file with the following filename
AMI_MegaRAC_SPx_Redfish_Authentication_Vulnerabilities.pdf
from the cp.ami.com website, but that file is not available.
cc @deltatux @bradbeam @fuzzychef @smorreel
( #redfish )
new AMI #MegaRAC #BMC #CVE drop:
CVE-2022-40259: Arbitrary code execution flaw via #Redfish API due to improper exposure of commands to the user. (CVSS v3.1 score: 9.9 βcriticalβ)
CVE-2022-40242: Default credentials for sysadmin user, allowing attackers to establish administrative shell. (CVSS v3.1 score: 8.3 βhighβ)
CVE-2022-2827: Request manipulation flaw allowing an attacker to enumerate usernames and determine if an account exists. (CVSS v3.1 score: 7.5 βhighβ)
