CISA Warns AMI MegaRAC Bug Lets Hackers Kill Servers

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns AMI MegaRAC users of an actively exploited critical vulnerability that enables attackers to seize control of servers and render them inoperable. The flaw resides in the MegaRAC Baseboard Management Controller (BMC) software, a common component in data center infrastructure.

CISA added the bug to its Known Exploited Vulnerabilities catalog after confirming that threat actors are using it in live attacks. The vulnerability, rated with the highest severity score, allows intruders to hijack systems remotely, potentially disrupting enterprise operations and data center stability.

As CISA warns, AMI MegaRAC users face an urgent threat requiring immediate mitigation steps to prevent system compromise. The agency urges organizations to identify affected devices and apply security updates without delay. BMC flaws can provide deep access to hardware, making them attractive targets for advanced threat actors.

For further details and mitigation guidance, read the full article here:
https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-hackers-brick-servers-now-actively-exploited/