
A critical vulnerability, designated CVE-2024-540385, has been uncovered in HPE Cray XD670 servers utilizing the AMI BMC Redfish API, posing a severe threat of remote authentication bypass. With a maximum CVSS score of 10, this flaw necessitates immediate action from administrators to prevent potential exploitation.
According to HPE’s security bulletin, “This vulnerability could be remotely exploited to allow authentication bypass.” This means that an attacker could potentially gain unauthorized access to the server’s baseboard management controller (BMC) without providing valid credentials. The implications are significant, as the BMC provides low-level system management capabilities, including power control, remote console access, and hardware monitoring.
The potential impact of this vulnerability is substantial, especially in high-performance computing environments where HPE Cray XD670 servers are commonly deployed. A successful exploit could allow attackers to gain complete control of the affected servers, leading to data breaches, system disruption, and other malicious activities.
The vulnerability specifically affects HPE Cray XD670 servers running BMC firmware versions prior to v1.19. HPE has swiftly responded by releasing updated BMC firmware, version 1.19, dated January 29, 2025, to address the issue.
HPE strongly advises administrators to update their BMC firmware to the patched version without delay. The bulletin outlines a clear procedure for obtaining the necessary firmware:
- Click the following link: Hewlett Packard Enterprise Support Center
- Enter a product name from the list of impacted products above in the text search field and wait for a list of Suggested Products to display. From the Suggested Products list displayed, identify the desired product and select it.
- The page should refresh to include a selection for the “DRIVERS AND SOFTWARE” tab.
- Select the “DRIVERS AND SOFTWARE” tab to find the components that you need and download them.
This detailed process ensures that administrators can easily locate and download the correct firmware for their specific HPE Cray XD670 servers.
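Before and after rolling out the firmware, an administrator will want to know which BMCs in a fleet are still below v1.19. The script below is an added example, not code from HPE or the bulletin: it classifies Redfish Manager resources (the JSON returned by `GET /redfish/v1/Managers/<id>`, where `FirmwareVersion` is a standard Redfish property) against the fixed version named in the bulletin. The sample JSON documents are constructed for illustration, and the exact version-string format reported by the XD670's AMI BMC is an assumption.

```python
import json
import re
from typing import Optional

# Fixed version from the HPE bulletin: HPE Cray XD670 BMC v1.19.
FIXED_VERSION = (1, 19)


def parse_version(text: str) -> Optional[tuple]:
    """Extract the leading dotted numeric version from a firmware string.

    "1.18" -> (1, 18); "v1.19.0 build 7" -> (1, 19, 0); returns None if
    no dotted number is present.
    """
    m = re.search(r"(\d+(?:\.\d+)+)", text or "")
    if not m:
        return None
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(firmware_version: str) -> Optional[bool]:
    """True if the BMC firmware predates 1.19, False if 1.19 or later.

    None means the version string could not be parsed and the node needs
    manual review rather than being silently marked as patched.
    """
    v = parse_version(firmware_version)
    if v is None:
        return None
    # Pad both tuples so (1, 19) compares correctly against (1, 19, 0).
    n = max(len(v), len(FIXED_VERSION))
    padded = v + (0,) * (n - len(v))
    fixed = FIXED_VERSION + (0,) * (n - len(FIXED_VERSION))
    return padded < fixed


def assess_manager(manager_json: str) -> dict:
    """Classify one Redfish Manager resource document.

    In practice the document comes from GET /redfish/v1/Managers/<id> using
    a Redfish session token; here it is passed in as a string so the check
    runs offline. Manager "Id" and "Model" values are assumptions.
    """
    m = json.loads(manager_json)
    fw = m.get("FirmwareVersion", "")
    return {
        "id": m.get("Id", "?"),
        "model": m.get("Model", "?"),
        "firmware": fw,
        "vulnerable": is_vulnerable(fw),
    }


def triage(manager_docs: list) -> list:
    """Assess a list of Manager documents; vulnerable and unknown nodes first."""
    results = [assess_manager(doc) for doc in manager_docs]
    order = {True: 0, None: 1, False: 2}
    return sorted(results, key=lambda r: order[r["vulnerable"]])


# Constructed sample documents (not real device output).
SAMPLE_OLD = json.dumps({"Id": "bmc", "Model": "XD670", "FirmwareVersion": "1.18"})
SAMPLE_FIXED = json.dumps({"Id": "bmc", "Model": "XD670", "FirmwareVersion": "1.19"})
SAMPLE_NEWER = json.dumps({"Id": "bmc", "Model": "XD670", "FirmwareVersion": "v1.19.2"})
SAMPLE_UNKNOWN = json.dumps({"Id": "bmc", "Model": "XD670", "FirmwareVersion": "unknown"})

if __name__ == "__main__":
    for r in triage([SAMPLE_FIXED, SAMPLE_OLD, SAMPLE_NEWER, SAMPLE_UNKNOWN]):
        label = {True: "VULNERABLE", False: "patched", None: "REVIEW"}[r["vulnerable"]]
        print(f"{label:10} {r['model']:8} {r['id']:6} firmware={r['firmware']!r}")
```

The comparison is done on integer tuples rather than on the raw strings, because a string comparison would rank "1.9" above "1.19" and wrongly mark such a node as patched; unparseable strings are surfaced for review instead of being treated as either state.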