At AMI, we take vulnerabilities seriously and continuously monitor and respond to the changing security landscape. When these MegaRAC Baseboard Management Controller vulnerabilities were identified, our Product Security Incident Response Team (PSIRT) swung into action, allowing AMI to address the vulnerabilities effectively and efficiently. In collaboration with CISA, CERT, and Eclypsium, we worked on the discovery and remediation of these issues. Eclypsium commended AMI’s quick work towards remediation:
“We would like to highlight that our experience working with AMI PSIRT was exceptional. They were highly professional throughout the disclosure process, reproduced our report quickly, and clearly communicated their remediation process. This engagement exemplified how a mature vulnerability response program should operate, and we look forward to future collaboration with AMI to protect customers.” —Nate Warfield from Eclypsium
As part of our continuous process and key relationships with CISA and global research firms, we took proactive steps to remediate the identified vulnerabilities and promptly notified all affected customers. We have been in direct contact with our customers since the beginning of this process, and all customers were provided a patch to resolve these vulnerabilities. We are committed to keeping our customers informed and recommend they update their firmware with the latest updates.
At AMI, we will continue to work with CISA and research firms to monitor the security landscape, ensuring vulnerabilities are quickly identified, addressed, and reported. We are committed to maintaining the highest security standards for all our products to best protect our customers from potential risks.