Security advisory for AMI MegaRAC SPx CVE-2024-54085
In March 2025, details of a vulnerability in the AMI MegaRAC BMC were published under the CVE ID CVE-2024-54085. The AMI MegaRAC SPx firmware contains a flaw that allows an attacker to bypass BMC authentication remotely via the Redfish host interface. Successful exploitation of this vulnerability can lead to a loss of confidentiality, integrity, and/or availability.[1]
Recommendation for the secure use of BMCs
Our recommendations for the secure use of remote management chips can be found in the article IPMI best practices.
Please note that the remote management port of your server must be placed in a separate network that is not reachable from the Internet. See the network section of that article.[2]
Systems affected
Systems with AMI BMC firmware are potentially affected. Supermicro-based systems are not affected by this vulnerability. The vulnerability is caused by incorrect checks in the Redfish host interface code. By adding an HTTP header of the form "X-Server-Addr: 169.254.0.17:" (in this example, 169.254.0.17 is the "IPv4 Redfish Service Address" of the Redfish host interface), an attacker can create an additional admin user on the BMC without any further knowledge.[3]
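The header described above can be used as a detection signal. The following added example (not code from Thomas-Krenn, AMI or the cited references) scans request heads captured on the BMC management network and reports every request that carries an X-Server-Addr header. It assumes that legitimate management clients never send this header; the sample requests, the host name bmc.example and the source addresses are constructed.

```python
import ipaddress

HEADER = "x-server-addr"  # header name taken from the advisory text above

def parse_head(raw):
    """Split a raw HTTP request head into (method, path, headers)."""
    lines = raw.replace("\r\n", "\n").split("\n")
    method, path, _ = (lines[0].split(" ", 2) + ["", ""])[:3]
    headers = {}
    for line in lines[1:]:
        if not line.strip():          # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                       # header names are case-insensitive
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return method, path, headers

def is_link_local(value):
    """True if a host[:port] value names a link-local address (169.254.0.0/16)."""
    host = value.rsplit(":", 1)[0] if ":" in value else value
    try:
        return ipaddress.ip_address(host.strip("[] ")).is_link_local
    except ValueError:
        return False

def find_suspicious(requests):
    """requests: iterable of (source_ip, raw_request_head) seen on the BMC network."""
    findings = []
    for src, raw in requests:
        method, path, headers = parse_head(raw)
        for value in headers.get(HEADER, []):
            findings.append({
                "source": src, "method": method, "path": path, "value": value,
                # a link-local value matches the pattern described in the advisory
                "severity": "high" if is_link_local(value) else "review",
            })
    return findings

# Constructed sample traffic (not real captures), documentation address range.
SAMPLE = [
    ("192.0.2.10", "GET /redfish/v1/ HTTP/1.1\r\nHost: bmc.example\r\n\r\n"),
    ("192.0.2.66", "GET /redfish/v1/ HTTP/1.1\r\nHost: bmc.example\r\n"
                   "x-server-addr: 169.254.0.17:\r\n\r\n"),
    ("192.0.2.67", "GET /redfish/v1/ HTTP/1.1\r\nHost: bmc.example\r\n"
                   "X-Server-Addr: 10.0.0.5:443\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE):
        print(finding)
```

Any finding should be followed by a review of the BMC user list for accounts that were not created by an administrator.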
Updates for Thomas-Krenn products
Updates for the affected systems are published, as they become available, in the Thomas-Krenn download area. We test the updates in the download area ourselves to ensure stability and compatibility with our systems.
If you need the latest version for your system and it is not yet available in our download area, you can obtain it from the download area of Asus or Supermicro.
References
- [1] CVE-2024-54085 (nvd.nist.gov, 11.03.2025)
- [2] Harden Baseboard Management Controllers (media.defense.gov, June 2023)
- [3] Remotely Exploitable AMI MegaRAC Vulnerabilities - BMC&C Part 3 (eclypsium.com/blog, 18.03.2025)
More information
- Security Audit Reported Vulnerabilities ID - AMI-SA-2025003 (PDF, go.ami.com, 13.03.2025)
- Security vulnerability with maximum risk level in remote server maintenance (www.heise.de, 19.03.2025)
Author: Werner Fischer
Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.

