🔴 CVE-2024-54085

Critical authentication bypass vulnerability in AMI MegaRAC BMC software affecting server management interfaces. Allows remote unauthenticated attackers to bypass authentication through the Redfish Host Interface with no user interaction required.

Risk Level: HIGH_RISK

CVSS Score: 10.0

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-03-11

Added to CISA KEV: 2025-06-25 (106 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2025-09-06)

CVE-2024-54085 is a critical authentication bypass vulnerability affecting AMI MegaRAC Baseboard Management Controller (BMC) software [1]. Here's what is known about its exploitation:

  • Affects internet-facing applications or services: Yes, search engines have found at least 1000 exposed servers running vulnerable software versions [2].
  • Evidence of active exploitation in the wild: CISA has confirmed active exploitation of this vulnerability [3][4].
  • Attack vectors and exploitation methods:
      * The vulnerability allows attackers to bypass authentication by sending a simple web request to a vulnerable BMC device over HTTP [5].
      * It is an "Authentication Bypass by Spoofing" flaw [CWE-290] [6][7].
      * Attackers can bypass authentication remotely through the Redfish Host Interface [8][9].
      * Exploitation is of low complexity and requires no user interaction [10].
  • Whether it's been used in targeted attacks: While specific details on "targeted attacks" are not explicitly available, successful exploitation allows an attacker to remotely control the compromised server [7][6], install malware (including ransomware) [7][6], modify firmware [7][6], and cause irreversible physical damage through over-volting [11], indicating its potential use in such attacks.
  • CISA Known Exploited Vulnerabilities (KEV) status: CISA has added CVE-2024-54085 to its KEV catalog, based on evidence of active exploitation [12][3].
  • Technical details about internet exploitability:
      * The vulnerability has a CVSS score of 10.0, which is critical [13][1].
      * It can be exploited by remote unauthenticated attackers [10].
      * Successful exploitation can lead to a loss of confidentiality, integrity, and/or availability [14][15].
      * The vulnerability is found in American Megatrends' (AMI) MegaRAC BMC software [7].

Sources

  1. CVE-2024-54085 - AMI MegaRAC BMC authentication bypass ...

    CVE-2024-54085 is a critical (CVSS score 10.0) authentication bypass vulnerability affecting AMI MegaRAC Baseboard Management Controller (BMC)…

  2. Critical MegaRAC bug affects major server brands | Cybernews

    Search engines that scan internet-facing devices reveal at least 1000 exposed servers running vulnerable software versions. Researchers confirmed the flaw affects HPE Cray XD670, Asus RS720A-E11-RS24U, and ASRockRack servers. How can the flaw be exploited?…

  3. CISA Adds Three Known Exploited Vulnerabilities to Catalog

    CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability ; CVE-2024-0769 D-Link DIR-859 Router Path Traversal Vulnerability ...

  4. CISA Confirms Active Exploitation of Critical AMI MegaRAC BMC ...

    Tracked as CVE-2024-54085, the flaw allows attackers to take complete control of vulnerable servers with minimal effort and no user interaction. MegaRAC BMC software enables remote management of server hardware, including rebooting, troubleshooting, or system recovery—critical features for cloud ser…

  5. Actively exploited vulnerability gives extraordinary control over ...

    On Wednesday, CISA added CVE-2024-54085 to its list of vulnerabilities known to be exploited in the wild. The notice provided no further details.