CVE-2024-54085
CRITICAL
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
Analysis
A critical authentication bypass in AMI SPx BMC firmware allows unauthenticated remote attackers to gain full control of server hardware through the Redfish Host Interface. This KEV-listed vulnerability (CVSS 9.8) threatens the entire server fleet of organizations using AMI-based BMC implementations, enabling attackers to persist below the OS layer where traditional security tools cannot detect them.
Technical Context
The Redfish Host Interface in AMI SPx BMC does not properly validate authentication tokens, allowing attackers to spoof credentials and authenticate as administrative users. BMC (Baseboard Management Controller) operates at the hardware level, independent of the operating system, making this particularly dangerous — compromised BMCs persist across OS reinstalls and can manipulate hardware, intercept data, and maintain covert access.
Affected Products
AMI SPx BMC firmware (multiple OEM server platforms)
Remediation
Apply AMI firmware update immediately. Isolate BMC management interfaces on dedicated management VLANs with strict access controls. Disable Redfish Host Interface if not required. Implement network segmentation to prevent unauthorized access to BMC ports (typically 443, 80, 623).
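One way to check the segmentation advice above against a firewall rule export, as an added example that is not code from AMI or from this page. The subnets, the rule tuple format and the name find_exposures are assumptions made for illustration; the transport mapping of the listed ports (TCP 443 and 80, UDP 623 for IPMI/RMCP) is also added here.

```python
import ipaddress

# Assumptions (not from the advisory): both subnets and the simplified rule
# format are constructed for illustration.
MGMT_VLAN = ipaddress.ip_network("10.20.0.0/24")  # hypothetical management VLAN
BMC_NET = ipaddress.ip_network("10.99.0.0/24")    # hypothetical BMC subnet
# Ports named in the remediation text; 623 is IPMI/RMCP and runs over UDP.
BMC_PORTS = {("tcp", 443), ("tcp", 80), ("udp", 623)}

# Constructed sample ACL: (action, proto, source CIDR, destination CIDR, port);
# a port of None means "any port".
SAMPLE_RULES = [
    ("allow", "tcp", "10.20.0.0/24", "10.99.0.0/24", 443),
    ("allow", "tcp", "10.0.0.0/8", "10.99.0.0/24", 443),
    ("allow", "udp", "0.0.0.0/0", "10.99.0.5/32", 623),
    ("allow", "tcp", "10.30.0.0/16", "10.40.0.0/16", 80),
    ("deny", "tcp", "0.0.0.0/0", "10.99.0.0/24", None),
]


def find_exposures(rules, mgmt=MGMT_VLAN, bmc=BMC_NET):
    """Return (rule_index, proto, port, source) for every allow rule that lets
    a source outside the management VLAN reach a BMC port.

    Each rule is judged on its own; rule ordering and shadowing by earlier
    deny rules are not modelled, so findings are candidates for review.
    """
    findings = []
    for idx, (action, proto, src, dst, port) in enumerate(rules):
        if action != "allow":
            continue
        src_net = ipaddress.ip_network(src)
        dst_net = ipaddress.ip_network(dst)
        if not dst_net.overlaps(bmc):
            continue  # rule does not touch the BMC subnet
        if src_net.subnet_of(mgmt):
            continue  # source lies entirely inside the management VLAN
        for bmc_proto, bmc_port in sorted(BMC_PORTS):
            if proto == bmc_proto and port in (None, bmc_port):
                findings.append((idx, proto, bmc_port, src))
    return findings


if __name__ == "__main__":
    for idx, proto, port, src in find_exposures(SAMPLE_RULES):
        print(f"rule {idx}: {src} can reach BMC {proto}/{port}")
```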