A new critical vulnerability of the highest possible severity score – CVE-2024-54085, CVSS 10 – has just been disclosed. It is found in the widely used American Megatrends’ (AMI) MegaRAC BMC (Baseboard Management Controller) software allowing authentication bypass and exploitation. Due to AMI’s dominant role in the motherboard supply chain, dozens of major hardware vendors […]
https://www.greenbone.net/wp-content/uploads/Gb_New-logo_horizontal_head.png00Joseph Leehttps://www.greenbone.net/wp-content/uploads/Gb_New-logo_horizontal_head.pngJoseph Lee2025-04-01 12:48:502025-04-01 12:48:50AMI BMC Flaw: Remote Takeover and DoS of Server Infrastructure
CVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]
https://www.greenbone.net/wp-content/uploads/Gb_New-logo_horizontal_head.png00Joseph Leehttps://www.greenbone.net/wp-content/uploads/Gb_New-logo_horizontal_head.pngJoseph Lee2025-03-26 13:48:592025-03-26 13:48:59Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows
Two new CVEs in Apache Camel have been disclosed warranting immediate attention from users. On March 9, 2025, Apache disclosed CVE-2025-27636 (CVSS 5.6), a Remote Code Execution (RCE) flaw. Two days later, on March 11th, Akamai’s Security Intelligence Group (SIG) reported a bypass technique for the original patch, resulting in CVE-2025-29891 (CVSS 4.2) being published […]
AMI BMC Flaw: Remote Takeover and DoS of Server Infrastructure
BlogA new critical vulnerability of the highest possible severity score – CVE-2024-54085, CVSS 10 – has just been disclosed. It is found in the widely used American Megatrends’ (AMI) MegaRAC BMC (Baseboard Management Controller) software allowing authentication bypass and exploitation. Due to AMI’s dominant role in the motherboard supply chain, dozens of major hardware vendors […]
Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows
BlogCVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]
Apache Camel Case-Sensitive Flaw May Forfeit Remote Command Execution
BlogTwo new CVEs in Apache Camel have been disclosed warranting immediate attention from users. On March 9, 2025, Apache disclosed CVE-2025-27636 (CVSS 5.6), a Remote Code Execution (RCE) flaw. Two days later, on March 11th, Akamai’s Security Intelligence Group (SIG) reported a bypass technique for the original patch, resulting in CVE-2025-29891 (CVSS 4.2) being published […]