ГлавнаяУязвимости → CVE-2024-54085
9.8критическая

CVE-2024-54085

→ есть в БДУ: BDU:2025-07173 (на русском)
Описание (на английском; русское — в БДУ выше)

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Затрагиваемое ПО
Ami Megarac sp-xNetapp H300s firmwareNetapp H300sNetapp H500s firmwareNetapp H500sNetapp H700s firmwareNetapp H700sNetapp H410s firmwareNetapp H410sNetapp H410c firmwareNetapp H410cNetapp Sg6160 firmwareNetapp Sg6160Netapp Sgf6112 firmwareNetapp Sgf6112Netapp Sg110 firmwareNetapp Sg110Netapp Sg1100 firmwareNetapp Sg1100
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdfhttps://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tool-imperils-thousands-of-servers/https://eclypsium.com/blog/bmc-vulnerability-cve-2024-05485-cisa-known-exploited-vulnerabilities/https://security.netapp.com/advisory/ntap-20250328-0003/https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/https://www.networkworld.com/article/4013368/ami-megarac-authentication-bypass-flaw-is-being-exploitated-cisa-warns.htmlhttps://nvd.nist.gov/vuln/detail/CVE-2024-54085https://security.netapp.com/advisory/ntap-20250328-0003/