Firmware Update for Security Vulnerabilities Associated with AMI MegaRAC Baseboard Management Controller (BMC) Software
BMCs provide out-of-band management for servers and motherboards. The security vulnerabilities identified are in severity of High to Critical. The impact can allow remote access and control of systems to be susceptible to malware or bricking. To mitigate the risk of exploitation, GIGABYTE has released new firmware versions.
Updated firmware versions to address the threat are available on all product pages for systems using the following BMCs:
- ASPEED AST2500 (update to version 12.60.39)
- ASPEED AST2600 (update to version 13.04.12)
CVE ID Vulnerability Details:
|Common Vulnerabilities Exposures|
(CVSS v3.1 Score)
|Impact of Vulnerability|
|CVE-2022-40259||9.8 Critical||Arbitrary Code Execution via Redfish API|
|CVE-2022-40242||9.8 Critical||Default credentials for UID = 0 shell via SSH|
|CVE-2022-2827||7.5 High||User enumeration via API|
Please navigate to the "Support" section of the relevant product page to download the updated firmware.
For any further assistance regarding this issue please contact your GIGABYTE sales representative, or create a new support ticket at https://esupport.gigabyte.com