Reviews

Actively exploited vulnerability gives extraordinary control over server fleets

By: Chaim Potok

Date:

Share:

Actively exploited vulnerability gives extraordinary control over server fleets

[ad_1]

Actively exploited vulnerability gives extraordinary control over server fleets

On Wednesday, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice provided no further details.

In an email on Thursday, Eclypsium researchers said the scope of the exploits has the potential to be broad. That scope includes:

  • Attackers could chain multiple BMC exploits to implant malicious code directly into the BMC’s firmware, making their presence extremely difficult to detect and allowing them to survive OS reinstalls or even disk replacements.
  • By operating below the OS, attackers can evade endpoint protection, logging, and most traditional security tools.
  • With BMC access, attackers can remotely power on or off, reboot, or reimage the server, regardless of the primary operating system’s state.
  • Attackers can scrape credentials stored on the system, including those used for remote management, and use the BMC as a launchpad to move laterally within the network
  • BMCs often have access to system memory and network interfaces, enabling attackers to sniff sensitive data or exfiltrate information without detection
  • Attackers with BMC access can intentionally corrupt firmware, rendering servers unbootable and causing significant operational disruption

With no publicly known details of the ongoing attacks, it’s unclear which groups may be behind them. Eclypsium said the most likely culprits would be espionage groups working on behalf of the Chinese government. All five of the specific APT groups Eclypsium named have a history of exploiting firmware vulnerabilities or gaining persistent access to high-value targets.

Eclypsium said the line of vulnerable AMI MegaRAC devices uses an interface known as Redfish. Server makers known to use these products include AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm. Some, but not all, of these vendors have released patches for their wares.

Given the damage possible from exploitation of this vulnerability, admins should examine all BMCs in their fleets to ensure they aren’t vulnerable. With products from so many different server makers affected, admins should consult with their manufacturer when unsure if their networks are exposed.

[ad_2]

Source link

Chaim Potok
Chaim Potok

━ more like this

Business

Sends shares Q1 2026 business update and product progress

0
Sends reported Q1 2026 updates sharing news on digital cards, app redesign, ClearBank integration, and fintech industry recognition. Sends, a fintech platform operated by Smartflow...
Reviews

We swipe our phones all day, and scientists just ranked which ones are the most tiring

0
We all know staring at your phone for hours isn’t great for mental health. But what about your fingers? Previously, researchers couldn’t measure...
Gear

Two suspects have been arrested for allegedly shooting at Sam Altman’s house

0
OpenAI CEO Sam Altman's house may have been the target of a second attack after San Francisco Police Department arrested two suspects for...
Reviews

You Can Soon Buy a $4,370 Humanoid Robot on AliExpress

0
Listing consumer electronics on the internet's large ecommerce marketplaces is a key step in “democratizing” the products, allowing them to be purchased by...
Gaming

Retro Rewind re-creates the glorious drudgery of working a ’90s video store

0
spot_img
Previous article
NASA tested a new SLS booster that may never fly, and the end of it blew off
Next article
Most Admired Personality to Look for in 2025 – Insights Success

Tech Reader is a Tech News magazine, publishing all about technology, gears, apps, mobile and reviews. Take your time and immerse yourself in this amazing experience!

━ about

━ follow us

━ subscribe

© Tech Reader - All rights reserved.