AMI MegaRAC BMC Vulnerabilities

On December 5, 2022, three vulnerabilities were disclosed in the American Megatrends (AMI) MegaRAC Baseboard Management Controller (BMC) software. BMCs provide out-of-band management for servers and motherboards. The vulnerabilities are rated in severity from High to Critical.

Notice: This document will continue to be updated as additional information becomes available and is subject to change without notice.

 

CVE ID Vulnerability details

| CVE | Severity Rating | Impact of Vulnerabilities |
|---|---|---|
| CVE-2022-40259 | 9.8 Critical | Arbitrary Code Execution via Redfish API |
| CVE-2022-40242 | 9.8 Critical | Default credential for UID = 0 shell via SSH |
| CVE-2022-2827 | 7.5 High | User enumeration via API |

 

Some Atos HPC products are based on the AMI MegaRAC BMC software and are affected by these vulnerabilities.

The following table lists the Atos HPC products based on AMI MegaRAC BMC software:

 

| Product line | Platforms | Motherboard | Fixed version (*) |
|---|---|---|---|
| BullSequana X400-A5 server family | X410-A5 | MZ12-HD1/MZ42-G20 | BMC 12.60.39 |
| | X410-A5 | G262-ZO0 | BMC 12.83.43 |
| | X430-A5 | MZ32-AR0/MZ92-FS0 | BMC 12.60.39 |
| | X440-A5 | MZ12-HD0/MZ62-HD0 | BMC 12.60.39 |
| | X450-A5 | MZ92-FS0 | BMC 12.60.39 |
| | SMC & SMC xScale Servers | MZ32-AR0/MZA2-CE0 | BMC 12.60.39 |
| BullSequana XH2000 | BullSequana X2410 | CERM | In progress |
| | BullSequana X2415 | CRRM/CRRM+ | In progress |

 

(*) BMC firmware is available for download when a "Fixed version" is available. Please navigate to the firmware download section for the respective platform.

 

For any further assistance, please contact your Atos HPC support representative or create a support ticket on https://tickets.bull.com
