The MegaRAC Baseboard Management Controller (BMC) software from American Megatrends (AMI) contains three security vulnerabilities that could allow remote code execution on vulnerable servers.
Firmware and hardware security firm Eclypsium stated in a report shared with The Hacker News that “the impact of exploiting these vulnerabilities include remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and server physical damage (bricking). BMCs are privileged independent systems that are used in servers to manage the host operating system and low-level hardware settings, even when the machine is off.
Also Read: Strategies to Choose the Right Cybersecurity Risk Framework
The conclusions once more emphasize how crucial it is to protect the firmware supply chain and make sure that BMC systems are not directly connected to the internet.
Read More: New BMC Supply Chain Vulnerabilities Affect Servers from Dozens of Manufacturers
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
