Vulnerabilities in IT environments appear in different forms. The most common ones are likely software vulnerabilities that have not been patched. Then there are weak passwords, misconfigurations or network switches that have been EOL for five years. However, another type of security gap sometimes causes significant confusion during the scans: hardware vulnerabilities. We have become […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.svg00Dirk Boeinghttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.svgDirk Boeing2025-04-02 12:00:332025-04-02 12:00:33The CPU as a Weakness: how to Manage Hardware Risks with Confidence
A new critical vulnerability of the highest possible severity score – CVE-2024-54085, CVSS 10 – has just been disclosed. It is found in the widely used American Megatrends’ (AMI) MegaRAC BMC (Baseboard Management Controller) software allowing authentication bypass and exploitation. Due to AMI’s dominant role in the motherboard supply chain, dozens of major hardware vendors […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.svg00Joseph Leehttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.svgJoseph Lee2025-04-01 12:48:502025-04-01 12:48:50AMI BMC Flaw: Remote Takeover and DoS of Server Infrastructure
CVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.svg00Joseph Leehttps://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.svgJoseph Lee2025-03-26 13:48:592025-03-26 13:48:59Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows
The CPU as a Weakness: how to Manage Hardware Risks with Confidence
BlogVulnerabilities in IT environments appear in different forms. The most common ones are likely software vulnerabilities that have not been patched. Then there are weak passwords, misconfigurations or network switches that have been EOL for five years. However, another type of security gap sometimes causes significant confusion during the scans: hardware vulnerabilities. We have become […]
AMI BMC Flaw: Remote Takeover and DoS of Server Infrastructure
BlogA new critical vulnerability of the highest possible severity score – CVE-2024-54085, CVSS 10 – has just been disclosed. It is found in the widely used American Megatrends’ (AMI) MegaRAC BMC (Baseboard Management Controller) software allowing authentication bypass and exploitation. Due to AMI’s dominant role in the motherboard supply chain, dozens of major hardware vendors […]
Escalating Attacks Targeting CVE-2024-4577 in PHP-CGI for Windows
BlogCVE-2024-4577 (CVSS 9.8 Critical) is currently climbing the winners’ podium of the most malicious security vulnerabilities. Disclosed in early June 2024 by Devcore security researchers, weaponization began within a mere 48 hours. It is a PHP-CGI OS Command Injection vulnerability [CWE-78] impacting PHP for Windows. Attacks distributing “TellYouThePass” ransomware were immediately observed and the CVE […]