July 20, 2023 By Sergiu Gatlan

Two new critical-severity vulnerabilities have been discovered in the MegaRAC Baseboard Management Controller (BMC) software made by hardware and software company American Megatrends International.
MegaRAC BMC provides admins with "out-of-band" and "lights-out" remote system management capabilities, enabling them to troubleshoot servers as if they were physically in front of the devices.
The firmware is used by more than a dozen server manufacturers that provide equipment to many cloud service and data center providers. Affected vendors include the likes of AMD, Asus, ARM, Dell EMC, Gigabyte, Lenovo, Nvidia, Qualcomm, Hewlett-Packard Enterprise, Huawei, Ampere Computing, ASRock, and more.