According to researchers at Eclypsium, attackers pursuing disruption can take advantage of the mixed hardware environments found in data centers to send harmful commands to the management controllers known as Baseboard Management Controllers (BMCs). This could force every device on the same management network into a continuous reboot loop, creating persistent downtime that operators may be unable to halt. In the worst case, affected organizations could face extended outages in which the devices have to be re-provisioned before service can be restored.
Over the past decade, the vulnerabilities and misconfigurations of BMCs—such as the use of hardcoded credentials—have attracted the attention of malicious actors. In 2022, security experts uncovered a malicious implant called iLOBleed, believed to be the product of an advanced persistent threat (APT) group, which exploited weaknesses in HPE’s Integrated Lights-Out (iLO) management platform. Prior to this, in 2018, the JungleSec ransomware group took advantage of default credentials in Intelligent Platform Management Interface (IPMI) systems to breach Linux servers. Earlier incidents, such as one in 2016, saw an APT group exploiting Intel’s Management Engine (Intel ME) through the Active Management Technology (AMT) Serial-over-LAN (SOL) feature, using it to covertly transfer files within compromised networks.
OEM and Server Manufacturers Responsible for Remediation
In response to these vulnerabilities, AMI has issued an advisory alongside patches for its original equipment manufacturer (OEM) partners. End users, however, depend on their respective server manufacturers to integrate these patches and ship the necessary firmware updates. Alongside the vulnerabilities addressed in its recent advisories, AMI has also remediated another issue, identified as CVE-2024-54084, which poses a risk of arbitrary code execution within its AptioV Unified Extensible Firmware Interface (UEFI) implementation. Manufacturers such as HPE and Lenovo have already begun rolling out updates that incorporate AMI's fix for the CVE-2024-54085 vulnerability.
Source: www.csoonline.com