Response to MegaRAC Baseboard Management Controller Vulnerabilities

Dec 7, 2022 | FIRMly Secure, Tech Blog

At AMI, we take vulnerabilities seriously and continuously monitor and respond to the changing security landscape. When these MegaRAC Baseboard Management Controller vulnerabilities were identified, our Product Security Incident Response Team (PSIRT) swung into action, allowing AMI to address the vulnerabilities effectively and efficiently. In collaboration with CISA, CERT, and Eclypsium, we worked on the discovery and remediation of these issues. Eclypsium commended AMI’s quick work towards remediation:

“We would like to highlight that our experience working with AMI PSIRT was exceptional. They were highly professional throughout the disclosure process, reproduced our report quickly, and clearly communicated their remediation process. This engagement exemplified how a mature vulnerability response program should operate, and we look forward to future collaboration with AMI to protect customers.” —Nate Warfield from Eclypsium

As part of our continuous process and key relationships with CISA and global research firms, we took proactive steps to remediate the identified vulnerabilities and promptly notified all affected customers. We have been in direct contact with our customers since the beginning of this process, and all customers were provided a patch to resolve these vulnerabilities. We are committed to keeping our customers informed and recommend they update their firmware with the latest updates.

At AMI, we will continue to work with CISA and research firms to monitor the security landscape, ensuring vulnerabilities are quickly identified, addressed, and reported. We are committed to maintaining the highest security standards for all our products to best protect our customers from potential risks.

Sam Cure
CISO

About AMI

AMI is Firmware Reimagined for modern computing. As a global leader in Dynamic Firmware for security, orchestration and manageability solutions, AMI enables the world’s compute platforms from on-premises to the cloud to the edge. AMI’s industry-leading foundational technology and unwavering customer support have generated lasting partnerships and spurred innovation for some of the most prominent brands in the high-tech industry. AMI is also a critical provider to the Open Compute ecosystem and is a member of numerous industry associations and standards groups, such as the Unified EFI Forum (UEFI), PICMG, National Institute of Standards and Technology (NIST), National Cybersecurity Excellence Partnership (NCEP), and the Trusted Computing Group (TCG).
