AI description
CVE-2024-54085 is a vulnerability found in AMI's SPx Baseboard Management Controller (BMC) software. It allows a remote attacker to bypass authentication through the Redfish Host Interface. Successful exploitation of this vulnerability could lead to a complete compromise of the affected system, including loss of confidentiality, integrity, and availability. AMI has released updates to address this vulnerability in SPx versions SPx_12.7+ and SPx_13.5.
- Description: AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
- Source: biossecurity@ami.com
- NVD status: Received
CVSS 4.0
- Type: Secondary
- Base score: 10
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: CRITICAL
- biossecurity@ami.com: CWE-290
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 4
A critical vulnerability (CVE-2024-54085) in AMI’s MegaRAC BMC software can let attackers remotely hijack and damage servers. Affects many vendors like HPE and Asus. 🛡️⚠️ #ServerSecurity #AMIVulnerability #USA link: https://t.co/WpcJjZFFcz https://t.co/bOXWZk4Lv2
@TweetThreatNews, 18 Mar 2025: 16 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
Today, Eclypsium released more details about CVE-2024-54085 - A CVSS 10.0 severity vulnerability in BMC software, remotely exploitable authentication bypass (with an SSRF flair). At last count, there are over 1,000 exposed to the Internet. The exploit is very simple.… https://t.c
@securityweekly, 18 Mar 2025: 350 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 1 Reply, 0 Quotes
🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0! A severe authentication bypass flaw allows attackers to: 🔹 Remotely control servers & deploy malware 🔹 Tamper with firmware, brick motherboards & cause reboot loops 🔹 Potentially damage hardware ⚠️ Affe
@TheHackersNews, 18 Mar 2025: 9690 Impressions, 30 Retweets, 64 Likes, 7 Bookmarks, 1 Reply, 3 Quotes
🚨 AMI has released updates to address critical vulnerabilities in SPx, AptioV, and EDK2 firmware. CVE-2024-54085 allows remote authentication bypass, posing severe risks. #AMIFirmware #CVE2024 #USA link: https://t.co/9rvOsTes9E https://t.co/0GNNjhHmjk
@TweetThreatNews, 13 Mar 2025: 16 Impressions, 0 Retweets, 1 Like, 0 Bookmarks, 1 Reply, 0 Quotes
[CVE-2024-54085: CRITICAL] Vulnerability in AMI’s SPx BMC allows remote authentication bypass through Redfish Host Interface, leading to potential loss of confidentiality, integrity, and availability.#cybersecurity,#vulnerability https://t.co/10XLIEBlNO https://t.co/wg9M3lPHgO
@CveFindCom, 11 Mar 2025: 19 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes
CVE-2024-54085 AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of th… https://t.co/4Ld6oNOwAo
@CVEnew, 11 Mar 2025: 32 Impressions, 0 Retweets, 0 Likes, 0 Bookmarks, 0 Replies, 0 Quotes