CVE-2024-54085 — CRITICAL (9.8)

Q: How severe is CVE-2024-54085?

CVE-2024-54085 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-54085?

Check the references section above for vendor advisories and patch information. Affected products include: Ami Megarac Sp-X, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware, Netapp H500S.

Vulnerability Description

AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ami	Megarac Sp-X	>= 12, < 12.7
Netapp	H300S Firmware	-
Netapp	H300S	-
Netapp	H500S Firmware	-
Netapp	H500S	-
Netapp	H700S Firmware	-
Netapp	H700S	-
Netapp	H410S Firmware	-
Netapp	H410S	-
Netapp	H410C Firmware	-
Netapp	H410C	-
Netapp	Sg6160 Firmware	-
Netapp	Sg6160	-
Netapp	Sgf6112 Firmware	-
Netapp	Sgf6112	-
Netapp	Sg110 Firmware	-
Netapp	Sg110	-
Netapp	Sg1100 Firmware	-
Netapp	Sg1100	-

Related Weaknesses (CWE)

CWE-290

References

https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdfVendor Advisory
https://arstechnica.com/security/2025/06/active-exploitation-of-ami-management-tPress/Media CoverageThird Party Advisory
https://eclypsium.com/blog/bmc-vulnerability-cve-2024-05485-cisa-known-exploitedPress/Media CoverageThird Party Advisory
https://security.netapp.com/advisory/ntap-20250328-0003/Third Party Advisory
https://www.bleepingcomputer.com/news/security/cisa-ami-megarac-bug-that-lets-haPress/Media CoverageThird Party Advisory
https://www.networkworld.com/article/4013368/ami-megarac-authentication-bypass-fPress/Media CoverageThird Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-54085US Government Resource
https://security.netapp.com/advisory/ntap-20250328-0003/Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-US Government Resource

FAQ

What is CVE-2024-54085?

CVE-2024-54085 is a vulnerability with a CVSS score of 9.8 (CRITICAL). AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a los...

How severe is CVE-2024-54085?

CVE-2024-54085 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-54085?

Check the references section above for vendor advisories and patch information. Affected products include: Ami Megarac Sp-X, Netapp H300S Firmware, Netapp H300S, Netapp H500S Firmware, Netapp H500S.