| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2024-54085 | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | exploitation_technique | T1068 | Exploitation for Privilege Escalation |
Comments
By sending a malicious request to the Redfish Host Interface, an attacker can manipulate the HTTP header, tricking the Baseboard Management Controller (BMC) into thinking that the request originates from a trusted source, leading to authentication bypass. This can lead to complete system control, deployment of malware at the firmware level, and network disruptions.
References
|
| CVE-2024-54085 | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | primary_impact | T1495 | Firmware Corruption |
Comments
By sending a malicious request to the Redfish Host Interface, an attacker can manipulate the HTTP header, tricking the Baseboard Management Controller (BMC) into thinking that the request originates from a trusted source, leading to authentication bypass. This can lead to complete system control, deployment of malware at the firmware level, and network disruptions.
References
|
| CVE-2024-54085 | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | primary_impact | T1608.001 | Upload Malware |
Comments
By sending a malicious request to the Redfish Host Interface, an attacker can manipulate the HTTP header, tricking the Baseboard Management Controller (BMC) into thinking that the request originates from a trusted source, leading to authentication bypass. This can lead to complete system control, deployment of malware at the firmware level, and network disruptions.
References
|
| CVE-2024-54085 | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | primary_impact | T1210 | Exploitation of Remote Services |
Comments
By sending a malicious request to the Redfish Host Interface, an attacker can manipulate the HTTP header, tricking the Baseboard Management Controller (BMC) into thinking that the request originates from a trusted source, leading to authentication bypass. This can lead to complete system control, deployment of malware at the firmware level, and network disruptions.
References
|
| CVE-2024-54085 | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | primary_impact | T1499 | Endpoint Denial of Service |
Comments
By sending a malicious request to the Redfish Host Interface, an attacker can manipulate the HTTP header, tricking the Baseboard Management Controller (BMC) into thinking that the request originates from a trusted source, leading to authentication bypass. This can lead to complete system control, deployment of malware at the firmware level, and network disruptions.
References
|