-
info@forensicss.com
Send Email
-
11400 West Olympic Blvd, Los Angeles, CA 90064
310-270-0598
Confidentiality Guaranteed
310-270-0598
Confidentiality Guaranteed
23
Apr
Apr
ASUS releases fix for AMI worm that lets hackers brick servers
Cybersecurity expert
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that may per chance presumably allow attackers to hijack and doubtlessly brick servers.
The flaw impacts American Megatrends Global’s MegaRAC Baseboard Management Controller (BMC) gadget, susceptible by over a dozen server hardware vendors, collectively with HPE, ASUS, and ASRock.
The CVE-2024-54085 flaw is remotely exploitable, doubtlessly leading to malware infections, firmware adjustments, and irreversible physical injure by over-volting.
“A local or remote attacker can exploit the vulnerability by accessing the remote management interfaces (Redfish) or the internal host to the BMC interface (Redfish),” explained Eclypsium in a linked fable.
“Exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard components (BMC or potentially BIOS/UEFI), potential server physical damage (over-voltage / bricking), and indefinite reboot loops that a victim cannot stop.”
Though AMI released a bulletin alongside with patches on March 11, 2025, time turned into as soon as wished for impacted OEMs to put into effect the fixes on their merchandise.
This day, ASUS announced they possess got released fixes for CVE-2024-54085 for four motherboard models impacted by the worm.
The updates and rapid BMC firmware version customers must increase to are:
- PRO WS W790E-SAGE SE – version 1.1.57 (download from here)
- PRO WS W680M-ACE SE – version 1.1.21(download from here)
- PRO WS WRX90E-SAGE SE – version 2.1.28 (download from here)
- Professional WS WRX80E-SAGE SE WIFI – version 1.34.0 (download from here)
Given the severity of the vulnerability and the flexibility to construct distant exploitation, it’s crucial to construct the firmware replace as soon as imaginable.
After downloading the most accepted BMC firmware replace (.ima file), you would also apply it by the win interface > Repairs > Firmware Update, pick the file, and click on ‘Originate Firmware Update.’ Moreover it’s endorsed that you just verify the ‘Elephantine Flash’ option.
For detailed instructions on guidelines on how to construct MBC firmware updates safely and troubleshooting, verify ASUS FAQ here.
