
Dell, on the other hand, confirmed that its systems are unaffected by the MegaRAC issue, as it uses its own Integrated Dell Remote Access Controller (iDRAC) in its servers.
How can attackers exploit the defects?
A week after AMI released the patch in March, Eclypsium, the company that discovered the vulnerability in late 2024, published a more detailed description of its inner workings:
“To our knowledge, the vulnerability affects the BMC software stack of AMI only. However, since AMI is at the top of the BIOS supply chain, the downstream effect affects more than a dozen manufacturers,” Eclypsium researchers said.
The flaw, scored at the maximum severity of 10 on the CVSS, is rated an ‘important’ defect. According to Eclypsium, it allows an authentication bypass via the Redfish interface, with a range of outcomes: remote control of the server, deployment of malware/ransomware, and destructive actions such as unstoppable reboot loops and even bricked motherboards.
In short, this would not be a good day for the victims, although no exploitation of the vulnerability has been found so far. But as with any software vulnerability, what matters is the speed and ease with which it is patched.
The first point illustrated by the clearly slow response to CVE-2024-54085 is the complexity of the patching process when the software involved is part of a supply chain that consists of more than one vendor.

