BMC firmware exploited in the wild: A klaxon for CISOs


Jul 01, 2025

A vulnerability in AMI's widely deployed remote server management firmware affects servers from Asus, ASRock, Blackcore, HPE, Gigabyte, NetApp, Lenovo, Siemens and others.

CISA has confirmed that a CVSS 10 vulnerability in Baseboard Management Controller (BMC) firmware is being exploited in the wild. That is a troubling first for the industry and a klaxon for CISOs: a BMC sits below the operating system, so an attacker who owns it gains deep persistence that survives an OS reinstall.

The affected firmware, from AMI, ships in countless server motherboards to provide out-of-band remote management. The flaw is a pre-authentication bug in that management interface: a remote attacker can create a new administrator-level user with a single API call and no credential check at all, which hands over administrative control of the BMC and, through it, of the server it manages.
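One practical check follows directly from that description: the attack leaves behind a new administrator-level account on the BMC, so enumerating BMC accounts and comparing them with an allowlist surfaces it. The script below is an added example, not code from The Stack, CISA or AMI. It assumes the BMC exposes a DMTF Redfish account collection (the article does not name the API), and the offline demo runs against a constructed JSON response so the detection logic can be inspected; `fetch_accounts` shows how the same shape would be pulled from a live controller.

```python
import base64
import json
import ssl
import urllib.request
from typing import Optional

# Constructed sample: what an expanded Redfish ManagerAccount collection might
# look like after an attacker added an account. Not captured from a real device.
SAMPLE_ACCOUNTS_JSON = """
{
  "Members": [
    {"Id": "2", "UserName": "admin",   "RoleId": "Administrator", "Enabled": true},
    {"Id": "3", "UserName": "monitor", "RoleId": "ReadOnly",      "Enabled": true},
    {"Id": "4", "UserName": "svc_x1",  "RoleId": "Administrator", "Enabled": true},
    {"Id": "5", "UserName": "backup",  "RoleId": "Operator",      "Enabled": false}
  ]
}
"""

# Hypothetical allowlist: accounts expected on every BMC and their expected role.
EXPECTED_ACCOUNTS = {"admin": "Administrator", "monitor": "ReadOnly"}

# Redfish roles that can change configuration, power state or firmware.
PRIVILEGED_ROLES = {"Administrator", "Operator"}


def audit_accounts(accounts_json: str, expected: dict) -> list[dict]:
    """Flag accounts that are not in the allowlist or whose role has drifted.

    An unexpected account holding a privileged role and enabled is 'high';
    an unexpected but disabled or low-privilege account is 'medium'; a known
    account whose role no longer matches the allowlist is 'high'.
    """
    members = json.loads(accounts_json)["Members"]
    findings = []
    for acct in members:
        name = acct.get("UserName")
        role = acct.get("RoleId")
        enabled = acct.get("Enabled", True)
        if name not in expected:
            sev = "high" if (role in PRIVILEGED_ROLES and enabled) else "medium"
            findings.append({"user": name, "role": role, "enabled": enabled,
                             "issue": "unexpected account", "severity": sev})
        elif expected[name] != role:
            findings.append({"user": name, "role": role, "enabled": enabled,
                             "issue": f"role drift (expected {expected[name]})",
                             "severity": "high"})
    return findings


def fetch_accounts(base_url: str, user: str, password: str,
                   cafile: Optional[str] = None) -> str:
    """Pull the account collection from a live BMC into the shape audit_accounts() reads.

    Not exercised in the offline demo. Verifies TLS against the supplied CA file;
    BMCs commonly present self-signed certificates, so pin that CA rather than
    disabling verification on a management network.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    token = base64.b64encode(f"{user}:{password}".encode()).decode()

    def get(path: str) -> dict:
        req = urllib.request.Request(base_url + path,
                                     headers={"Authorization": f"Basic {token}"})
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return json.load(resp)

    collection = get("/redfish/v1/AccountService/Accounts")
    # Standard Redfish returns member links; each must be fetched individually.
    members = [get(m["@odata.id"]) for m in collection.get("Members", [])]
    return json.dumps({"Members": members})


def main() -> None:
    for f in audit_accounts(SAMPLE_ACCOUNTS_JSON, EXPECTED_ACCOUNTS):
        print(f"[{f['severity']}] {f['user']}: {f['issue']} "
              f"(role={f['role']}, enabled={f['enabled']})")


if __name__ == "__main__":
    main()
```

Run the audit from a host on the management network, per BMC, and alert on any `high` finding; a disabled rogue account is still worth investigating, since an attacker who could create it could re-enable it. The allowlist comparison is deliberately strict by name and role, because an attacker with unauthenticated account creation can just as easily choose an innocuous-looking username as an obvious one.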
