CVE-2024-54085

Published Mar 11, 2025

Last updated 20 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-54085 is a vulnerability found in AMI's SPx Baseboard Management Controller (BMC) software. It allows a remote attacker to bypass authentication through the Redfish Host Interface. Successful exploitation of this vulnerability could lead to a complete compromise of the affected system, including loss of confidentiality, integrity, and availability. AMI has released updates to address this vulnerability in SPx versions SPx_12.7+ and SPx_13.5.

Description
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Source: biossecurity@ami.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 10
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

biossecurity@ami.com: CWE-290

Social media

Hype score: Not currently trending
  1. CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability https://t.co/c6FsSgyjSa https://t.co/ltNhRBfovy

    @SirajD_Official | 14 Apr 2025 | 14 Impressions, 1 Retweet, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes

  2. #CVE-2024-54085 vulnerability in AMI MegaRAC BMC! Blog contents ⬇️ ☑️ Impact: #RCE, software damage, endless reboots ☑️ Versions: MegaRACSP-X 2024-08-27 and earlier ☑️ Search https://t.co/gKKiwWs7Q2 with: title: MegaRAC ☑️ Security measures: use the latest versions and #ASM https://t.co/KS9qp66Aod https://

    @CriminalIP_AR | 11 Apr 2025 | 5 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  3. Server takeover threat: AMI MegaRAC BMC vulnerability #CVE-2024-54085! Blog preview ⬇️ ☑️ Main impact: #RCE, firmware damage, endless reboots ☑️ Vulnerable versions: MegaRAC SP-X versions before 2024-08-27 ☑️ https://t.co/ZdemHmPDgn search query: title: MegaRAC ☑️ Security measures: use the latest firmware & #ASM https://t.co/42ROEHXQzL https://t.co/RvWa4Y32AD

    @CriminalIP_KR | 11 Apr 2025 | 25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  4. 🚨AMI MegaRAC BMC vulnerability #CVE-2024-54085: attackers fully hijack your server 😱 Blog sneak peek ⬇️ ☑️ Impact: #RCE, firmware damage, endless reboots ☑️ Affected: pre-2024-08-27 MegaRAC SP-X ☑️ Query: title: MegaRAC ☑️ Fix: Patch it & use #ASM https://t.co/JVE1egjdCF h

    @CriminalIP_US | 10 Apr 2025 | 104 Impressions, 1 Retweet, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  5. CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability https://t.co/5i7uNOjEdV https://t.co/qexuKOlEOD

    @IdentityJason | 8 Apr 2025 | 21 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  6. Actively exploited CVE : CVE-2024-54085

    @transilienceai | 27 Mar 2025 | 17 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  7. A major security flaw, CVE-2024-54085, has been detected in MegaRAC BMC software, exposing data centers to severe threats. This vulnerability could enable attackers to gain unauthorized access. #CyberSecurity #Data #BMCVulnerability #networksecurity https://t.co/SRrgSSpKyB

    @Kiarataylor07 | 25 Mar 2025 | 7 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  8. CVE-2024-54085 (CVSS 10): Critical BMC Flaw Exposes Servers to Total Takeover, Destruction https://t.co/RUpeuk1YRk

    @Dinosn | 20 Mar 2025 | 2206 Impressions, 6 Retweets, 26 Likes, 5 Bookmarks, 0 Replies, 1 Quote

  9. A critical vulnerability, CVE-2024-54085, has been discovered in the AMI MegaRAC firmware, scoring a 10 on the CVSS scale. This flaw allows an authentication bypass in the Redfish API, affecting several major server brands including Asus and Lenovo. Fortunate users need to app...

    @CybrPulse | 19 Mar 2025 | 39 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  10. 🚨 Critical AMI MegaRAC flaw (CVE-2024-54085) lets remote attackers hijack, brick, and infect servers from HPE, Asus, ASRock, and more. 1,000+ servers exposed online! Patch now! #Deepweb #Darkweb More breaking news from the world and the Darkweb here: https://t.co/ZF7G3lwRdM http

    @godeepweb | 19 Mar 2025 | 60 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 0 Replies, 0 Quotes

  11. ⚠️ Vulnerability Alert: Severe AMI BMC Vulnerability 📅 Timeline: Disclosure: 2025-03-11 📌 Attribution: 🆔cveId: CVE-2024-54085 📊baseScore: 10.0 📏cvssMetrics:… https://t.co/Z2OGzmaNG4

    @syedaquib77 | 19 Mar 2025 | 28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  12. A critical vulnerability in AMI’s MegaRAC software, known as CVE-2024-54085, could allow attackers to bypass authentication remotely and gain complete control over compromised servers. With a staggering CVSS score of 10.0, this flaw impacts numerous data center infrastructures...

    @CybrPulse | 19 Mar 2025 | 25 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  13. 🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0! A severe authentication bypass flaw allows attackers to: 🔹 Remotely control servers & deploy malware 🔹 Tamper with firmware, brick motherboards & cause reboot loops 🔹 Potentially damage hardware ⚠️ Affe

    @achi_tech | 19 Mar 2025 | 35 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  14. A critical flaw in AMI MegaRAC BMC software (CVE-2024-54085) enables attackers to hijack and damage servers. Admins urged to patch urgently to prevent risks. https://t.co/Hdbbhu98Wg

    @Teemu_Tiainen | 19 Mar 2025 | 7 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  15. CVE-2024-54085 : Critical AMI MegaRAC bug can let attackers hijack, brick servers #IPMI https://t.co/Tcrk6r9yCn

    @freedomhack101 | 19 Mar 2025 | 31 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 1 Reply, 0 Quotes

  16. CVE-2024-54085: A critical AMI MegaRAC bug could allow attackers to hijack or damage servers. https://t.co/uRW6CJZ96T #Security #セキュリティ #ニュース

    @SecureShield_ | 19 Mar 2025 | 32 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  17. A critical vulnerability (CVE-2024-54085) in AMI’s MegaRAC BMC software can let attackers remotely hijack and damage servers. Affects many vendors like HPE and Asus. 🛡️⚠️ #ServerSecurity #AMIVulnerability #USA link: https://t.co/WpcJjZFFcz https://t.co/bOXWZk4Lv2

    @TweetThreatNews | 18 Mar 2025 | 16 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  18. 📌 A serious security vulnerability has been disclosed in AMI's BMC software, allowing attackers to bypass authentication. The vulnerability, tracked as CVE-2024-54085, is rated at maximum severity (10.0) and may allow servers to be taken over remotely and damaged. #الامن_السيبراني https://t.co/zE12921mDV

    @Cybercachear | 18 Mar 2025 | 28 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  19. Today, Eclypsium released more details about CVE-2024-54085 - A CVSS 10.0 severity vulnerability in BMC software, remotely exploitable authentication bypass (with an SSRF flair). At last count, there are over 1,000 exposed to the Internet. The exploit is very simple.… https://t.c

    @securityweekly | 18 Mar 2025 | 410 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes

  20. 🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0! A severe authentication bypass flaw allows attackers to: 🔹 Remotely control servers & deploy malware 🔹 Tamper with firmware, brick motherboards & cause reboot loops 🔹 Potentially damage hardware ⚠️ Affe

    @TheHackersNews | 18 Mar 2025 | 12962 Impressions, 42 Retweets, 108 Likes, 13 Bookmarks, 2 Replies, 4 Quotes

  21. 🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – 10.0 CVSS! A newly disclosed authentication bypass flaw allows attackers to: — Remotely control servers & deploy malware — Tamper with firmware, brick motherboards & cause indefinite reboots — Potentially damage physi

    @TheHackersNews | 18 Mar 2025 | 918 Impressions, 1 Retweet, 3 Likes, 2 Bookmarks, 0 Replies, 1 Quote

  22. 🚨 AMI has released updates to address critical vulnerabilities in SPx, AptioV, and EDK2 firmware. CVE-2024-54085 allows remote authentication bypass, posing severe risks. #AMIFirmware #CVE2024 #USA link: https://t.co/9rvOsTes9E https://t.co/0GNNjhHmjk

    @TweetThreatNews | 13 Mar 2025 | 16 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 1 Reply, 0 Quotes

  23. [CVE-2024-54085: CRITICAL] Vulnerability in AMI’s SPx BMC allows remote authentication bypass through Redfish Host Interface, leading to potential loss of confidentiality, integrity, and availability.#cybersecurity,#vulnerability https://t.co/10XLIEBlNO https://t.co/wg9M3lPHgO

    @CveFindCom | 11 Mar 2025 | 19 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes

  24. CVE-2024-54085 AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of th… https://t.co/4Ld6oNOwAo

    @CVEnew | 11 Mar 2025 | 32 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes