CVE-2024-54085

Sažetak

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Reference

https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/
https://eclypsium.com/blog/bmc-vulnerability-cve-2024-05485-cisa-known-exploited-vulnerabilities/
https://security.netapp.com/advisory/ntap-20250328-0003/
https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/
https://www.networkworld.com/article/4013368/ami-megarac-authentication-bypass-flaw-is-being-exploitated-cisa-warns.html
https://nvd.nist.gov/vuln/detail/CVE-2024-54085
https://security.netapp.com/advisory/ntap-20250328-0003/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-54085

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

05-11-2025 - 19:30

Objavljeno

11-03-2025 - 14:15