med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon
#megarac


Critical #AMI #MegaRAC bug can let attackers hijack, brick #servers
MegaRAC #BMC provides "lights-out" and "out-of-band" remote system management capabilities that help admins troubleshoot servers as if they were physically in front of the devices. The firmware is used by over a dozen #server vendors that provide equipment to many cloud service and #datacenter providers, including #HPE, #Asus, #ASRock, and others.
bleepingcomputer.com/news/secu

BleepingComputer · Critical AMI MegaRAC bug can let attackers hijack, brick servers · By Sergiu Gatlan

#Intel and #Lenovo servers impacted by 6-year-old #BMC flaw
During recent scans of Baseboard Management Controllers, the firmware security firm Binarly discovered a remotely exploitable heap out-of-bounds read vulnerability in the #Lighttpd web server's processing of "folded" HTTP request headers.
It was addressed in August 2018: the maintainers of Lighttpd patched it silently in version 1.4.51, but #AMI #MegaRAC BMC firmware missed the fix, possibly because no #CVE was assigned.
bleepingcomputer.com/news/secu
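
The post above describes the bug class only (a heap out-of-bounds read while unfolding HTTP headers), not the defect itself. As an added illustration, and not lighttpd's or AMI's code, here is a bounds-checked header-block parser that handles obs-fold continuation lines: every read is bounded by the buffer length, a value that would overrun its fixed storage is rejected, and a continuation line that arrives before any header field is refused rather than being attached to a field that does not exist. The struct layout, the size limits and the sample request are constructed for this example and are not taken from lighttpd.

```c
/* Added example, not lighttpd's or AMI MegaRAC's code: a bounds-checked
 * parser for an HTTP/1.x header block that unfolds "folded" (obs-fold)
 * continuation lines. Every read is checked against the buffer length,
 * and a continuation line that has no preceding field is rejected
 * instead of touching memory before the first field. The struct, the
 * limits and the sample request below are constructed for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64
#define MAX_VALUE 256

struct header {
    char name[MAX_NAME];
    char value[MAX_VALUE];
};

static int is_ws(char c) { return c == ' ' || c == '\t'; }

/* Parses the header block in buf[0..len) (not NUL-terminated), which must
 * end with an empty line. Returns the number of fields stored in out, or -1
 * if the block is malformed, truncated, or exceeds the fixed limits. */
int parse_headers(const char *buf, size_t len, struct header *out, size_t max_out)
{
    size_t i = 0, n = 0;

    while (i < len) {
        /* Locate the end of the current line without reading past len. */
        size_t eol = i;
        while (eol < len && buf[eol] != '\n')
            eol++;
        if (eol == len)
            return -1;                         /* line without terminator: truncated */

        size_t line_len = eol - i;
        if (line_len > 0 && buf[i + line_len - 1] == '\r')
            line_len--;                        /* drop CR of CRLF */
        if (line_len == 0)
            return (int)n;                     /* empty line ends the header block */

        if (is_ws(buf[i])) {
            /* obs-fold: line continues the previous field's value. Without a
             * previous field there is nothing valid to append to, so reject. */
            if (n == 0)
                return -1;
            struct header *h = &out[n - 1];
            size_t s = 0;
            while (s < line_len && is_ws(buf[i + s]))
                s++;
            size_t cur = strlen(h->value);
            size_t add = line_len - s;
            /* The fold is replaced by a single SP (RFC 7230 section 3.2.4). */
            if (cur + 1 + add >= MAX_VALUE)
                return -1;
            h->value[cur] = ' ';
            memcpy(h->value + cur + 1, buf + i + s, add);
            h->value[cur + 1 + add] = '\0';
        } else {
            const char *colon = memchr(buf + i, ':', line_len);
            if (colon == NULL || n >= max_out)
                return -1;
            size_t name_len = (size_t)(colon - (buf + i));
            if (name_len == 0 || name_len >= MAX_NAME)
                return -1;
            memcpy(out[n].name, buf + i, name_len);
            out[n].name[name_len] = '\0';

            size_t v = name_len + 1;           /* skip ':' and optional whitespace */
            while (v < line_len && is_ws(buf[i + v]))
                v++;
            size_t val_len = line_len - v;
            if (val_len >= MAX_VALUE)
                return -1;
            memcpy(out[n].value, buf + i + v, val_len);
            out[n].value[val_len] = '\0';
            n++;
        }
        i = eol + 1;
    }
    return -1;                                 /* no empty line seen: truncated block */
}

int main(void)
{
    /* Constructed request header block: the second field is folded across two lines. */
    static const char req[] =
        "Host: bmc.example.internal\r\n"
        "X-Auth-Token: abc\r\n"
        "\tdef\r\n"
        "\r\n";
    struct header hdrs[8];
    int n = parse_headers(req, sizeof req - 1, hdrs, 8);
    for (int k = 0; k < n; k++)
        printf("%s = [%s]\n", hdrs[k].name, hdrs[k].value);

    /* A lone continuation line is rejected rather than dereferenced. */
    static const char bad[] = " orphan\r\n\r\n";
    printf("orphan fold -> %d\n", parse_headers(bad, sizeof bad - 1, hdrs, 8));
    return 0;
}
```

The point for a BMC or any embedded web server is the shape of the checks, not this particular code: the line scan stops at `len`, the unfold step verifies that a previous field exists and that the appended bytes fit before writing, and a malformed block fails closed with -1. Whether to accept obs-fold at all is a policy choice; RFC 7230 lets a server reject such requests with 400, which removes the unfolding code path entirely.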

new AMI #MegaRAC #BMC #CVE drop:

CVE-2022-40259: Arbitrary code execution flaw via #Redfish API due to improper exposure of commands to the user. (CVSS v3.1 score: 9.9 “critical”)
CVE-2022-40242: Default credentials for sysadmin user, allowing attackers to establish administrative shell. (CVSS v3.1 score: 8.3 “high”)
CVE-2022-2827: Request manipulation flaw allowing an attacker to enumerate usernames and determine if an account exists. (CVSS v3.1 score: 7.5 “high”)

bleepingcomputer.com/news/secu

BleepingComputer · Severe AMI MegaRAC flaws impact servers from AMD, ARM, HPE, Dell, others · By Bill Toulas