CVE-2024-54085

CRITICAL KEV

AMI MegaRAC SP-X 12-12.7 - Unauthenticated Authentication Bypass via Redfish Host Interface

Title source: llm

Exploitation Summary

CVE-2024-54085 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added June 25, 2025. EIP tracks 2 public exploits, from the researchers adminlove520 and Mr-Zapi.

Description

AMI’s SPx contains a vulnerability in the BMC where an attacker may bypass authentication remotely through the Redfish Host Interface. Successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

Exploits (2)

github SCANNER 2 stars
by adminlove520 · pythonpoc
https://github.com/adminlove520/CVE-Poc_All_in_One/tree/main/2024/CVE-2024-54085

The repository contains a scanner for CVE-2024-21762, which checks for the presence of the vulnerability in Fortinet SSL VPN interfaces. It includes Python scripts that send crafted HTTP requests to detect if a target is vulnerable.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Fortinet SSL VPN
No auth needed
Prerequisites: network access to the target · Python environment
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 2 stars
by Mr-Zapi · remote
https://github.com/Mr-Zapi/CVE-2024-54085

This PoC exploits an authentication bypass vulnerability in AMI MegaRAC BMC via Redfish Host Interface by manipulating the X-Server-Addr header to create an administrative account. The script attempts multiple headers to bypass authentication and create a new user with administrative privileges.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: AMI MegaRAC BMC (versions 12.x to 12.7, 13.x to 13.5)
No auth needed
Prerequisites: Network access to the Redfish API endpoint · Redfish API enabled on the target BMC
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 9.8
EPSS 0.6120
EPSS Percentile 99.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable yes
Technical Impact total

Details

CISA KEV 2025-06-25
VulnCheck KEV 2025-06-25
ENISA EUVD EUVD-2024-54252
CWE CWE-290
Status published
Products (10)
ami/megarac_sp-x 12 - 12.7
netapp/h300s_firmware
netapp/h410c_firmware
netapp/h410s_firmware
netapp/h500s_firmware
netapp/h700s_firmware
netapp/sg1100_firmware
netapp/sg110_firmware
netapp/sg6160_firmware
netapp/sgf6112_firmware
Published Mar 11, 2025
KEV Added Jun 25, 2025
Tracked Since Feb 18, 2026