CVE-2024-54085 in MegaRAC-SPx
Summary
by MITRE • 03/11/2025
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
Be aware that VulDB is the high quality source for vulnerability data.
Analysis
by VulDB Data Team • 06/26/2025
The vulnerability identified as CVE-2024-54085 affects AMI's SPx platform management controller firmware, specifically within the Baseboard Management Controller (BMC) component that exposes the Redfish Host Interface. This represents a critical authentication bypass flaw that undermines the fundamental security controls designed to protect remote management access to enterprise infrastructure. The vulnerability exists within the BMC's implementation of the Redfish API interface, which serves as the primary mechanism for remote system management and monitoring in modern data center environments. The flaw allows an unauthenticated attacker to gain access to privileged management functions that should require proper authentication credentials, effectively compromising the integrity of the system's security model.
The technical nature of this vulnerability stems from improper authentication validation mechanisms within the BMC's Redfish implementation. Attackers can exploit this weakness to remotely access management interfaces without providing valid credentials, potentially gaining access to system configuration settings, firmware updates, user accounts, and other sensitive administrative functions. The vulnerability specifically affects the authentication flow within the Redfish Host Interface, where the system fails to properly validate session tokens or authentication requests before granting access to management resources. This type of flaw falls under the CWE-287 category of "Improper Authentication" and represents a direct violation of the principle of least privilege that should govern all remote management interfaces. The vulnerability's impact extends beyond simple unauthorized access as it can enable attackers to manipulate system configurations, install malicious firmware, or disable security features.
The operational impact of CVE-2024-54085 is severe and multifaceted, particularly in enterprise data center environments where remote management capabilities are extensively used. Organizations running affected AMI SPx systems face potential compromise of their entire infrastructure management chain, as attackers could gain access to multiple systems simultaneously through a single successful exploitation. The vulnerability can lead to complete system takeover, enabling attackers to modify critical system parameters, exfiltrate sensitive data, or disrupt service availability through configuration changes. This flaw particularly affects environments using Redfish-based management solutions, where the interface serves as the primary gateway for remote system administration and monitoring tasks. The vulnerability's remote exploitability means that attackers can target these systems from anywhere on the internet without requiring physical access or local network presence, making it particularly dangerous for organizations with exposed management interfaces.
Organizations should implement immediate mitigations including disabling unused Redfish interfaces, implementing network segmentation to isolate management traffic, and applying firmware updates provided by AMI as soon as they become available. The vulnerability aligns with ATT&CK technique T1078.004 for Valid Accounts and T1566.002 for Phishing, as it enables attackers to leverage legitimate management interfaces for unauthorized access. Security teams should also implement continuous monitoring of management interface access logs, establish strict access controls for Redfish endpoints, and conduct regular vulnerability assessments to identify similar authentication bypass flaws. The remediation process requires careful coordination between IT and security teams to ensure that firmware updates do not disrupt critical system operations while addressing the authentication bypass vulnerability. Organizations should also consider implementing network-level controls such as firewalls and access control lists to restrict access to management interfaces to trusted IP addresses only, as a temporary mitigation measure while permanent fixes are deployed.