Researchers at firmware and hardware security company Eclypsium have identified several potentially serious vulnerabilities in baseboard management controller (BMC) firmware made by AMI (American Megatrends) and used by some of the world’s biggest server manufacturers.
Eclypsium began examining the firmware in August after discovering a data leak that was allegedly caused by AMI. In order to ensure that any vulnerabilities were patched in case malicious actors were also searching for security flaws to exploit, the company decided to examine the leaked software.
Also Read: Key Lessons for Enterprises to Remain Secure When Developing and Using Open-Source software
The focus of the analysis was AMI’s MegaRAC BMC, which is employed by businesses like AMD, Ampere, Asrock, Asus, Arm, Dell, Gigabyte, HPE, Huawei, Inspur, Lenovo, Nvidia, Qualcomm, Quanta, and Tyan.
Read More: Security Flaws in AMI BMC Can Expose Many Data Centers, Clouds to Attacks
