CVE-2024-54085

Published Mar 11, 2025

Last updated 3 months ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2024-54085 is a vulnerability found in AMI's SPx Baseboard Management Controller (BMC) software. It allows a remote attacker to bypass authentication through the Redfish Host Interface. Successful exploitation of this vulnerability could lead to a complete compromise of the affected system, including loss of confidentiality, integrity, and availability. AMI has released updates to address this vulnerability in SPx versions SPx_12.7+ and SPx_13.5.

Description: AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
Source: biossecurity@ami.com
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 10
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

biossecurity@ami.com: CWE-290

Social media

Hype score
Not currently trending
  1. ASUS releases fix for AMI bug that lets hackers brick servers ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. [...]ASUS has released security updates to address CVE-2024-...

    @SecurityAid

    4 May 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. A critical vulnerability in the MegaRAC Baseboard Management Controller (BMC) identified as CVE-2024-54085 poses a severe risk of ransomware and malware infections, prompting urgent patches from various OEMs, including ASUS. With the flaw being rated 10/10 in severity, immedia...

    @CybrPulse

    26 Apr 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers. https://t.co/cu1ZuK7w8q #rhymtech #thinkcyberthinkrhym #rhymcyberupdates

    @Rhym_Tech

    24 Apr 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🔴 ASUS releases security updates to address a flaw (CVE-2024-54085) related to the MegaRAC Baseboard Management Controller (BMC) software from American Megatrends International, which could allow servers to be hijacked and potentially locked up. 🧉 https://t.co/ZRgn

    @MarquisioX

    23 Apr 2025

    35 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

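  5. ASUS has announced security updates addressing CVE-2024-54085, a vulnerability rated at maximum severity. The vulnerability exists in AMI's MegaRAC BMC software, which is used by multiple server vendors, and remote attacks can lead to malware infection, firmware tampering, and physical damage through overvoltage.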

    @yousukezan

    23 Apr 2025

    1942 Impressions

    4 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Critical ASUS server security update! CVE-2024-54085 can let attackers take control. Update your firmware NOW to prevent malware, firmware tampering, and server damage. Details & fixes here: 👇 #Cybersecurity #ASUS #ServerSecurity https://t.co/qBqLeKLqGJ

    @fernandokarl

    23 Apr 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 📌 ASUS has released security updates to address CVE-2024-54085, which is considered one of the most serious vulnerabilities, as it could allow attackers to take over servers and damage them. https://t.co/1QbAYYak15

    @Cybercachear

    23 Apr 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability https://t.co/c6FsSgyjSa https://t.co/ltNhRBfovy

    @SirajD_Official

    14 Apr 2025

    14 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. AMI MegaRAC BMC vulnerability #CVE-2024-54085! Blog contents ⬇️ ☑️ Impact: #RCE, software corruption, endless reboots ☑️ Versions: MegaRACSP-X 2024-08-27 and earlier ☑️ Search https://t.co/gKKiwWs7Q2 with: title: MegaRAC ☑️ Security measures: use the latest versions and #ASM https://t.co/KS9qp66Aod https://

    @CriminalIP_AR

    11 Apr 2025

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Server takeover threat: AMI MegaRAC BMC vulnerability #CVE-2024-54085! Blog preview ⬇️ ☑️ Main impact: #RCE, firmware corruption, endless reboots ☑️ Vulnerable versions: MegaRAC SP-X versions before 2024-08-27 ☑️ https://t.co/ZdemHmPDgn search query: title: MegaRAC ☑️ Security measures: use the latest firmware & #ASM https://t.co/42ROEHXQzL https://t.co/RvWa4Y32AD

    @CriminalIP_KR

    11 Apr 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. 🚨AMI MegaRAC BMC vulnerability #CVE-2024-54085: attackers fully hijack your server 😱 Blog sneak peek ⬇️ ☑️ Impact: #RCE, firmware damage, endless reboots ☑️ Affected: pre-2024-08-27 MegaRAC SP-X ☑️ Query: title: MegaRAC ☑️ Fix: Patch it & use #ASM https://t.co/JVE1egjdCF h

    @CriminalIP_US

    10 Apr 2025

    104 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CVE-2024-54085 - AMI MegaRAC BMC authentication bypass vulnerability https://t.co/5i7uNOjEdV https://t.co/qexuKOlEOD

    @IdentityJason

    8 Apr 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Actively exploited CVE : CVE-2024-54085

    @transilienceai

    27 Mar 2025

    17 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  14. A major security flaw, CVE-2024-54085, has been detected in MegaRAC BMC software, exposing data centers to severe threats. This vulnerability could enable attackers to gain unauthorized access. #CyberSecurity #Data #BMCVulnerability #networksecurity https://t.co/SRrgSSpKyB

    @Kiarataylor07

    25 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CVE-2024-54085 (CVSS 10): Critical BMC Flaw Exposes Servers to Total Takeover, Destruction https://t.co/RUpeuk1YRk

    @Dinosn

    20 Mar 2025

    2206 Impressions

    6 Retweets

    26 Likes

    5 Bookmarks

    0 Replies

    1 Quote

  16. A critical vulnerability, CVE-2024-54085, has been discovered in the AMI MegaRAC firmware, scoring a 10 on the CVSS scale. This flaw allows an authentication bypass in the Redfish API, affecting several major server brands including Asus and Lenovo. Fortunate users need to app...

    @CybrPulse

    19 Mar 2025

    39 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. 🚨 Critical AMI MegaRAC flaw (CVE-2024-54085) lets remote attackers hijack, brick, and infect servers from HPE, Asus, ASRock, and more. 1,000+ servers exposed online! Patch now! #Deepweb #Darkweb More breaking news from the world and the Darkweb here: https://t.co/ZF7G3lwRdM http

    @godeepweb

    19 Mar 2025

    60 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  18. ⚠️ Vulnerability Alert: Severe AMI BMC Vulnerability 📅 Timeline: Disclosure: 2025-03-11 📌 Attribution: 🆔cveId: CVE-2024-54085 📊baseScore: 10.0 📏cvssMetrics:… https://t.co/Z2OGzmaNG4

    @syedaquib77

    19 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. A critical vulnerability in AMI’s MegaRAC software, known as CVE-2024-54085, could allow attackers to bypass authentication remotely and gain complete control over compromised servers. With a staggering CVSS score of 10.0, this flaw impacts numerous data center infrastructures...

    @CybrPulse

    19 Mar 2025

    25 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. 🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0! A severe authentication bypass flaw allows attackers to: 🔹 Remotely control servers & deploy malware 🔹 Tamper with firmware, brick motherboards & cause reboot loops 🔹 Potentially damage hardware ⚠️ Affe

    @achi_tech

    19 Mar 2025

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. A critical flaw in AMI MegaRAC BMC software (CVE-2024-54085) enables attackers to hijack and damage servers. Admins urged to patch urgently to prevent risks. https://t.co/Hdbbhu98Wg

    @Teemu_Tiainen

    19 Mar 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CVE-2024-54085 : Critical AMI MegaRAC bug can let attackers hijack, brick servers #IPMI https://t.co/Tcrk6r9yCn

    @freedomhack101

    19 Mar 2025

    31 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  23. CVE-2024-54085: A critical AMI MegaRAC bug could allow attackers to hijack or damage servers. https://t.co/uRW6CJZ96T #Security #セキュリティ #ニュース

    @SecureShield_

    19 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. A critical vulnerability (CVE-2024-54085) in AMI’s MegaRAC BMC software can let attackers remotely hijack and damage servers. Affects many vendors like HPE and Asus. 🛡️⚠️ #ServerSecurity #AMIVulnerability #USA link: https://t.co/WpcJjZFFcz https://t.co/bOXWZk4Lv2

    @TweetThreatNews

    18 Mar 2025

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. 📌 A serious security vulnerability has been disclosed in AMI's BMC software, enabling attackers to bypass authentication. The vulnerability, classified as CVE-2024-54085, is assigned a maximum severity score (10.0) and could allow servers to be taken over remotely and damaged. #الامن_السيبراني https://t.co/zE12921mDV

    @Cybercachear

    18 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. Today, Eclypsium released more details about CVE-2024-54085 - A CVSS 10.0 severity vulnerability in BMC software, remotely exploitable authentication bypass (with an SSRF flair). At last count, there are over 1,000 exposed to the Internet. The exploit is very simple.… https://t.c

    @securityweekly

    18 Mar 2025

    410 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. 🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – CVSS 10.0! A severe authentication bypass flaw allows attackers to: 🔹 Remotely control servers & deploy malware 🔹 Tamper with firmware, brick motherboards & cause reboot loops 🔹 Potentially damage hardware ⚠️ Affe

    @TheHackersNews

    18 Mar 2025

    12962 Impressions

    42 Retweets

    108 Likes

    13 Bookmarks

    2 Replies

    4 Quotes

  28. 🚨 Critical AMI BMC Vulnerability (CVE-2024-54085) – 10.0 CVSS! A newly disclosed authentication bypass flaw allows attackers to: — Remotely control servers & deploy malware — Tamper with firmware, brick motherboards & cause indefinite reboots — Potentially damage physi

    @TheHackersNews

    18 Mar 2025

    918 Impressions

    1 Retweet

    3 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  29. 🚨 AMI has released updates to address critical vulnerabilities in SPx, AptioV, and EDK2 firmware. CVE-2024-54085 allows remote authentication bypass, posing severe risks. #AMIFirmware #CVE2024 #USA link: https://t.co/9rvOsTes9E https://t.co/0GNNjhHmjk

    @TweetThreatNews

    13 Mar 2025

    16 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  30. [CVE-2024-54085: CRITICAL] Vulnerability in AMI’s SPx BMC allows remote authentication bypass through Redfish Host Interface, leading to potential loss of confidentiality, integrity, and availability.#cybersecurity,#vulnerability https://t.co/10XLIEBlNO https://t.co/wg9M3lPHgO

    @CveFindCom

    11 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. CVE-2024-54085 AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of th… https://t.co/4Ld6oNOwAo

    @CVEnew

    11 Mar 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes