
AMI BMC Firmware vulnerabilities

Updated on 2022-12-07: AMI BMC vulnerabilities

Eclypsium researchers have discovered three vulnerabilities in the firmware of AMI MegaRAC baseboard management controllers. Eclypsium says the three vulnerabilities can be exploited via the Redfish and IPMI ports for remote code execution that can grant attackers access to the superuser account on the BMC firmware. Baseboard management controllers are typically used to provide remote management of large computer fleets, and are commonly found in enterprise network setups. Eclypsium says that server manufacturers known to use AMI MegaRAC BMCs in their products include AMD, Asus, Gigabyte, Inspur, and Qualcomm. The researchers named the vulnerabilities BMC&C. Read more: SUPPLY CHAIN VULNERABILITIES PUT SERVER ECOSYSTEM AT RISK

Updated on 2022-12-05: AMI MegaRAC Flaws Affect Servers from Multiple Manufacturers

Researchers from Eclypsium have detected three vulnerabilities in American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software. The flaws, which have severity ratings from medium to critical, could be exploited to achieve remote control of compromised servers, remote deployment of malware, ransomware and firmware implants, and physical damage to servers (bricking). Mitigation recommendations include making sure “that all remote server management interfaces (e.g. Redfish, IPMI) and BMC subsystems in their environments are on their dedicated management networks and are not exposed externally, and ensure internal BMC interface access is restricted to administrative users with ACLs or firewalls.”


  • Part of the issue is “Redfish”, the new API meant to replace IPMI. Redfish is based around “web standards”, which apparently means that we now include standard web application vulnerabilities like OS command injection in BMC software. These days, applications are web applications, whether it is a BMC, a mobile app or a word processor. You will only be able to defend your organization if you understand web applications.
  • If you’re not already doing so, consider the BMC as equivalent to standing at the physical console of the system. The services enable your system administrators to do almost anything from wherever they are located. As such, you really need to restrict the access to only users and devices that need to access them. Never expose these directly to the Internet. Now it gets harder – you need to keep them updated, make sure that you’re only running the genuine/vetted versions, and monitor for anomalous behavior. Make sure that you have a non-production system to test updates, as you can effectively kneecap a system getting this wrong.
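The mitigation quoted above (BMCs on a dedicated management network, Redfish and IPMI reachable only by administrators) can be checked against an inventory and an ACL export. The following is an added example, not code from Eclypsium, AMI or the original page; the network ranges, host names and rule list are constructed, and the ACL is assumed to be first-match with an implicit default deny.

```python
import ipaddress as ip

# Assumed site values (hypothetical): dedicated BMC VLAN and the admin jump hosts.
MGMT_NET = ip.ip_network("10.20.0.0/24")
ADMIN_SRC = [ip.ip_network("10.20.0.0/28")]
# Default service ports: Redfish over HTTPS (tcp/443), IPMI RMCP (udp/623).
BMC_SERVICES = {("tcp", 443): "Redfish", ("udp", 623): "IPMI"}

# Constructed inventory and first-match ACL, for illustration only.
BMCS = {"srv01-bmc": "10.20.0.50", "srv02-bmc": "192.168.5.9",
        "srv03-bmc": "203.0.113.7"}
ACL = [  # (action, source, destination, protocol, port)
    ("permit", "10.20.0.0/28", "10.20.0.0/24", "tcp", 443),
    ("deny",   "10.30.0.0/16", "10.20.0.0/24", "udp", 623),
    ("permit", "10.30.4.0/24", "10.20.0.0/24", "udp", 623),  # shadowed by the deny
    ("permit", "10.0.0.0/8",   "10.20.0.0/24", "tcp", 443),  # far too broad
    ("permit", "0.0.0.0/0",    "203.0.113.7/32", "udp", 623),
]

def audit(bmcs, acl):
    """Return (bmc, finding, detail) tuples for every policy violation."""
    findings = []
    for name, addr in sorted(bmcs.items()):
        a = ip.ip_address(addr)
        if a not in MGMT_NET:
            findings.append((name, "outside-mgmt-net", addr))
        for (proto, port), svc in BMC_SERVICES.items():
            denied = []  # sources already denied by earlier rules for this service
            for action, src, dst, r_proto, r_port in acl:
                if (r_proto, r_port) != (proto, port) or a not in ip.ip_network(dst):
                    continue
                s = ip.ip_network(src)
                if action == "deny":
                    denied.append(s)
                    continue
                # A permit is a finding unless an earlier deny fully covers it
                # or its whole source range is an administrative network.
                shadowed = any(s.subnet_of(d) for d in denied)
                admin_only = any(s.subnet_of(n) for n in ADMIN_SRC)
                if not shadowed and not admin_only:
                    findings.append((name, f"{svc}-open-to", src))
    return findings

if __name__ == "__main__":
    for finding in audit(BMCS, ACL):
        print(*finding, sep="\t")
```

A permit that is only partly covered by an earlier deny is still reported, so the check errs toward flagging rules for manual review.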


Overview: BMC Firmware Flaws

Researchers at Nozomi Networks have detected 13 vulnerabilities in baseboard management controller (BMC) firmware used in operational technology (OT) and Internet of Things (IoT) devices. These particular flaws “affect BMCs of Lanner devices based on the American Megatrends (AMI) MegaRAC SP-X.” The vulnerabilities could be exploited to achieve remote code execution (RCE) with root privileges.


  • The BMC firmware has low-level access to system functions, operating below the OS level, so fixing this is important. Fortunately, Lanner has released updates which resolve the issues, but you may have to actively reach out to Lanner to get the update. In addition, make sure that you’re restricting access to the web interface to trusted devices and users. Make sure that remote access requires a VPN and ideally even a bastion host.


Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two children.
