CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2024-54085

CVSS 10.0v4.0pub. 2025-03-11upd. 2025-11-05

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

🤖 AI Analysis
How it works

The vulnerability classified as CWE-290 (Authentication Bypass by Spoofing) allows an attacker to bypass the authentication process in the Redfish interface — a standard API interface for managing server infrastructure. The attack is possible remotely, without possessing any credentials, without user interaction, and without special environmental configuration requirements. After successfully bypassing authentication, the attacker gains access to BMC functions that operate below the operating system level and are difficult to detect and remove.

Impact

Successful exploitation of the vulnerability can lead to complete loss of confidentiality, integrity, and availability of the system, including permanent damage (bricking) of the server through BMC firmware manipulation. An attacker can gain full control over hardware management, install malicious code at the firmware level, or completely disable the server.

Mitigation & patch

Patches available from the manufacturer must be applied immediately in accordance with references — official AMI bulletin: https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf and NetApp advisory: https://security.netapp.com/advisory/ntap-20250328-0003/. Additionally, it is recommended to isolate BMC management interfaces from production networks and the public internet through dedicated OOBM (Out-of-Band Management) networks and restrict access to the Redfish interface exclusively to authorized hosts.

Who is affected

AMI MegaRAC SP-X (BMC firmware), NetApp H300S Firmware, NetApp H300S, NetApp H500S Firmware — specific versions indicated in manufacturer references (AMI-SA-2025003 and NetApp advisory ntap-20250328-0003)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Ami Megarac Sp X

    OS
    Ami
    12 – 12.7 (bez)13 – 13.5 (bez)
  • Netapp H300s

    HW
    Netapp
    wszystkie wersje
  • Netapp H300s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410c

    HW
    Netapp
    wszystkie wersje
  • Netapp H410c Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H410s

    HW
    Netapp
    wszystkie wersje
  • Netapp H410s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H500s

    HW
    Netapp
    wszystkie wersje
  • Netapp H500s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp H700s

    HW
    Netapp
    wszystkie wersje
  • Netapp H700s Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp Sg110

    HW
    Netapp
    wszystkie wersje
  • Netapp Sg1100

    HW
    Netapp
    wszystkie wersje
  • Netapp Sg1100 Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp Sg110 Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp Sg6160

    HW
    Netapp
    wszystkie wersje
  • Netapp Sg6160 Firmware

    OS
    Netapp
    wszystkie wersje
  • Netapp Sgf6112

    HW
    Netapp
    wszystkie wersje
  • Netapp Sgf6112 Firmware

    OS
    Netapp
    wszystkie wersje

CISA KEV — detailsi

Vendori
AMI
Producti
MegaRAC SPx
Added to KEVi
June 25, 2025
Remediation deadline (US Federal)i
July 16, 2025(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 16 lipca 2025
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-40896CRITICAL9.1PL ✓ten sam produkt

XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX

CVE-2023-3043CRITICAL9.6PL ✓ten sam produkt

Stack-based buffer overflow w AMI MegaRAC SPx BMC przez sieć lokalną

CVE-2023-37293CRITICAL9.6PL ✓ten sam produkt

AMI MegaRAC SPx — stack-based buffer overflow w BMC przez sieć lokalną

CVE-2023-38426CRITICAL9.1ten sam produkt

An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context...

CVE-2023-34329CRITICAL9.1ten sam produkt

AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing ...