New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
A critical vulnerability in AMI’s MegaRAC Baseboard Management Controller (BMC) software, CVE-2024-54085, allows attackers to bypass authentication and remotely control servers. This vulnerability, along with others discovered since December 2022, can lead to server takeover, malware deployment, and potential physical damage. AMI has released patches, but applying them requires device downtime, and over a dozen manufacturers are affected.