A CVSS 10 Baseboard Management Controller (BMC) vulnerability has been confirmed by CISA as exploited in the wild – a troubling first for the industry and a klaxon for CISOs who face potential deep persistence.

The exploited BMC firmware from AMI is built into countless motherboards to remotely manage servers. The vulnerability is a pre-auth RCE bug that, astonishingly, lets a remote attacker create a new administrator-level user with no credential checks via a simple API call. 
