AMI MegaRAC authentication bypass flaw is being exploited, CISA warns

A critical authentication bypass by spoofing vulnerability in AMI MegaRAC SPx server management firmware is now being actively exploited by attackers, creating urgent pressure for enterprises still waiting for complete vendor patches across their infrastructure.

The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2024-54085 to its Known Exploited Vulnerabilities catalog on June 25, signaling a dangerous escalation from theoretical risk to confirmed attacks. The vulnerability affects AMI MegaRAC SPx firmware, the behind-the-scenes software that lets IT teams remotely control servers even when they’re powered off.

The development puts enterprise IT teams in a challenging position: while AMI released patches on March 11, server manufacturers have been slow to integrate and distribute fixes, leaving many organizations vulnerable to a maximum-severity flaw that grants attackers complete control over affected systems.
