AMI BMC flaws

The threat of Remote attack, critical flaws in AMI MegaRAC BMC Software



AMI MegaRAC Baseboard Management Controller (BMC) software has been found to have two new security flaws that hackers could exploit to take control of vulnerable servers and plant malware on them. 

The severity of these vulnerabilities varies, with some being classified as Critical. They allow attackers to execute code remotely and gain superuser access without authentication. 

These vulnerabilities can be exploited through Redfish remote management interfaces or a compromised host operating system.

Image caption: COM-HPC PMI with Redfish uses the popular HTTPS standard for communication. (Source: Embedded Computing)

Red alert

  • These flaws could be used to implant persistent firmware that remains unaffected by reinstalling the operating system or replacing the hard drive. 
  • They could even cause physical damage to the motherboard through overvolting attacks, leading to permanent damage or indefinite reboot loops.

These issues highlight the increasing trend of attackers targeting lower-level embedded code that hardware and computing systems rely on, making detection and remediation much more challenging.

History of attacks

The set of vulnerabilities affecting AMI MegaRAC BMCs is collectively known as BMC&C. A firmware security company disclosed some in December 2022 and February 2023. The latest additions are named CVE-2023-34329 and CVE-2023-34330.

  • CVE-2023-34329 (CVSS score 9.9, rated high) is an authentication bypass through HTTP header spoofing.
  • CVE-2023-34330 (CVSS score 6.7) allows code injection through the dynamic Redfish extension interface.
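Because the critical flaw is an authentication bypass on the Redfish interface, the first thing a defender wants is a repeatable check that the BMC still refuses anonymous requests to sensitive Redfish resources. The script below is an added example written for this article, not code from PureVPN, AMI or the researchers; it assumes the BMC serves Redfish over HTTPS on port 443 and uses the standard DMTF resource paths listed in it. The probe sends plain unauthenticated GETs and reports any sensitive resource that answers with something other than 401 or 403.

```python
"""Added example (not from the article): audit that a BMC's Redfish service
rejects unauthenticated requests to sensitive resources.

Assumptions: Redfish over HTTPS on port 443, standard DMTF resource paths.
"""
import http.client
import ssl

# Resources that must never be readable without credentials.
SENSITIVE_PATHS = (
    "/redfish/v1/AccountService/Accounts",
    "/redfish/v1/Managers",
    "/redfish/v1/Systems",
    "/redfish/v1/UpdateService",
)


def make_https_fetch(host, port=443, timeout=10, verify=True):
    """Return fetch(path) -> HTTP status for an unauthenticated GET against host.

    BMCs commonly ship self-signed certificates; pass verify=False only on an
    isolated management network where you already trust the endpoint.
    """
    ctx = ssl.create_default_context()
    if not verify:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE

    def fetch(path):
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
        try:
            # Deliberately no Authorization or X-Auth-Token header: the point
            # is to confirm the BMC refuses anonymous access.
            conn.request("GET", path, headers={"Accept": "application/json"})
            return conn.getresponse().status
        finally:
            conn.close()

    return fetch


def audit_redfish_auth(fetch, sensitive=SENSITIVE_PATHS):
    """Probe each sensitive path anonymously.

    Returns {path: enforced}, where enforced is True only when the BMC answered
    401 Unauthorized or 403 Forbidden. Any other status (200, 404, 500, ...)
    is reported as not enforced so it gets looked at: a hardened service
    authenticates before it resolves the resource.
    """
    return {path: fetch(path) in (401, 403) for path in sensitive}


def exposed_paths(fetch, sensitive=SENSITIVE_PATHS):
    """List the sensitive paths that were readable without credentials."""
    return [p for p, ok in audit_redfish_auth(fetch, sensitive).items() if not ok]


if __name__ == "__main__":
    import sys

    # Placeholder host; replace with the BMC under review.
    host = sys.argv[1] if len(sys.argv) > 1 else "bmc.example.invalid"
    bad = exposed_paths(make_https_fetch(host, verify=False))
    print("OK: authentication enforced" if not bad else "EXPOSED: " + ", ".join(bad))
```

The fetch function is injected so the audit logic can be exercised against a constructed responder without a live BMC; run it from a management host after applying the vendor firmware update, and again after any BMC configuration change, so a regression in Redfish authentication shows up as a non-empty exposed list.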

What’s more concerning?

Combined, these two vulnerabilities have a severity score of 10.0, enabling attackers to

  1. bypass Redfish authentication and execute arbitrary code on the BMC chip with full privileges;
  2. chain with CVE-2022-40258 to crack passwords for admin accounts on the BMC chip;
  3. install malware for long-term cyber espionage that security software on the host cannot detect;
  4. move laterally within the system and even damage the CPU through power management tampering, such as PMFault.

Alert: The researchers emphasize that these vulnerabilities pose a significant risk to the technology supply chain that supports cloud computing. 

As they affect component suppliers and hardware vendors, the potential risk extends to the cloud services used by various organizations. 

This means both directly owned hardware and the hardware supporting cloud services could be at risk.

Retrospectively…

To protect critical infrastructure from these attacks, addressing the flaws and ensuring robust security measures at the hardware level is very important. Collaboration between cloud service providers, hardware vendors, and component suppliers is necessary.

Author: PureVPN

Date: July 21, 2023


PureVPN is a leading VPN service provider that excels in providing easy solutions for online privacy and security. With 6000+ servers in 65+ countries, It helps consumers and businesses in keeping their online identity secured.
