CVE-2024-54085

Warning

Media report

EPSS 21.09%
Published 11.03.2025 14:00:58
Last modified 27.06.2025 16:57:49
Source biossecurity@ami.com
Teams watchlist Login
Open Login

AMI’s SPx contains
a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation
of this vulnerability may lead to a loss of confidentiality, integrity, and/or
availability.

Affected products Warnungen 1 Metrics 3 CWE 1 References 11

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Ami ≫ Megarac Sp-x Version >= 12 < 12.7

Ami ≫ Megarac Sp-x Version >= 13 < 13.5

Netapp ≫ H300s Firmware Version-

Netapp ≫ H300s Version-

Netapp ≫ H500s Firmware Version-

Netapp ≫ H500s Version-

Netapp ≫ H700s Firmware Version-

Netapp ≫ H700s Version-

Netapp ≫ H410s Firmware Version-

Netapp ≫ H410s Version-

Netapp ≫ H410c Firmware Version-

Netapp ≫ H410c Version-

Netapp ≫ Sg6160 Firmware Version-

Netapp ≫ Sg6160 Version-

Netapp ≫ Sgf6112 Firmware Version-

Netapp ≫ Sgf6112 Version-

Netapp ≫ Sg110 Firmware Version-

Netapp ≫ Sg110 Version-

Netapp ≫ Sg1100 Firmware Version-

Netapp ≫ Sg1100 Version-

25.06.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability

Vulnerability

AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	21.09%	0.955

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
biossecurity@ami.com	10	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X