ASUS has issued a security fix for a severe vulnerability tracked as CVE-2024-54085, which affects certain server motherboards using American Megatrends International's (AMI) MegaRAC Baseboard Management Controller (BMC) firmware. The bug could allow attackers to gain control over servers and cause irreversible physical damage—including bricking motherboards or launching endless reboot cycles. This vulnerability can be exploited either locally or remotely through BMC’s Redfish management interfaces.
The flaw impacts hardware from numerous vendors that rely on AMI’s BMC firmware, including ASRock, HPE, and ASUS.
AMI originally released a patch in March 2025, but manufacturers needed time to adapt the fix for their products. ASUS has now rolled out firmware updates for four affected workstation motherboards:
- Pro WS W790E-SAGE SE
- Pro WS W680M-ACE SE
- Pro WS WRX90E-SAGE SE
- Pro WS WRX80E-SAGE SE WIFI
ASUS strongly advises server administrators to apply the updates immediately due to the risk of remote compromise. The update process involves uploading the new firmware via the BMC web interface, with the "Full Flash" option enabled for a clean install.
ASUS also provides detailed guidance for updating and troubleshooting in its support documentation. Given the severity and potential impact of the flaw, organizations are urged to act quickly to secure affected systems.
Source: The Hacker News
Analysis
The exploitation of flaws found in hardware components like motherboards could lead to serious consequences, including the deployment of ransomware, tampering with firmware, and even physically damaging hardware by over-volting components. In some cases, exploited servers can be rendered completely inoperable by being forced into endless reboot cycles.
While there’s no evidence that CVE-2024-54085 has been exploited in the wild, motherboard-level vulnerabilities have been targeted by threat actors before. For example, the RansomEXX group’s leak of AMI source code in 2021 led to the discovery of several critical flaws that were later exploited. The ability to compromise systems at such a foundational level, combined with the widespread use of the affected firmware, makes this a high-priority concern.
Mitigation
Field Effect’s Security Intelligence professionals constantly monitor the cyber threat landscape for vulnerabilities in hardware components. Field Effect MDR users are automatically notified if vulnerable hardware is detected in their environment and are encouraged to review these AROs as quickly as possible via the Field Effect Portal.
Field Effect strongly advises organizations to apply vendor patches according to AMI’s advisory and ensure BMC interfaces are not exposed to the internet to mitigate these risks.