"Vulnerable AMI MegaRAC BMC Firmware Puts Data Center Servers at Risk"
Researchers have discovered critical firmware vulnerabilities in baseboard management controllers (BMCs) made by AMI, a leading provider of BMCs and firmware. These vulnerabilities, which were revealed in a 2021 ransomware attack, can be exploited by attackers with access to the Redfish remote management interface, allowing them to gain superuser status and execute malicious code on servers in data centers. The vulnerabilities pose a significant risk to cloud computing infrastructure, potentially enabling attackers to install ransomware, espionage malware, or cause physical damage to servers. AMI has released firmware patches to address the vulnerabilities.