Summary: ASUS has released crucial security updates for CVE-2024-54085, a severe vulnerability in the MegaRAC BMC software used in numerous server models that could allow remote hijacking of servers. The flaw can lead to malware infections, firmware modifications, and irreparable physical damage. Users are urged to update their firmware promptly to mitigate these risks.
Affected: American Megatrends International’s MegaRAC BMC software and impacted server hardware vendors (HPE, ASUS, ASRock)
Key points:
- The CVE-2024-54085 vulnerability is remotely exploitable and can result in malware deployment and server bricking.
- ASUS has issued firmware updates for four affected motherboard models, with specific version recommendations provided.
- Users should perform updates immediately via the web interface to protect their systems from potential attacks.