Vulnerability in AMI MegaRAC firmware caused by shipping an old version of lighttpd
A vulnerability has been identified in MegaRAC firmware from American Megatrends (AMI), which is used in BMC (Baseboard Management Controller) controllers used by server manufacturers to organize autonomous equipment management, allowing an unauthenticated attacker to remotely read the contents of the memory of the process that provides the functioning of the web interface. The vulnerability appears in firmware released since 2019 and is caused by shipping an old version of the Lighttpd HTTP server containing an unpatched vulnerability. [β¦]