AMI MegaRAC Vulnerability
AMI MegaRAC Vulnerability
AMI MegaRAC Vulnerability
Lenovo Security Advisory: LEN-121190
Potential Impact: Code Execution
Severity: Medium
Scope of Impact: Industry-wide
CVE Identifier: CVE-2023-28863
Summary Description:
AMI reported a potential security vulnerability in AMI MegaRAC SP-X Baseboard Management Controllers that causes a failure to enforce integrity and confidentiality with IPMIv2.
Mitigation Strategy for Customers (what you should do to protect yourself):
AMI recommends customers upgrade to the BMC firmware version (or newer) indicated for your model in the Product Impact section below.
AMI also recommends that customers continue to maintain strict access controls to BMC devices.
Note: Hyperscale customers: Please contact your Lenovo service representative for update information.
To download the version specified for your product below, follow these steps:
Navigate to the Drivers & Software support site for your product:
- Lenovo Products (sold worldwide, except in China): https://support.lenovo.com/
- Lenovo Products (sold in China): https://newsupport.lenovo.com.cn/
- IBM-branded System x Legacy Products: https://www.ibm.com/support/fixcentral/
- Search for your product by name or machine type.
- Click Drivers & Software on the left menu panel.
- Click on Manual Update to browse by Component type.
- Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.
Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:
PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759
Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center
Click below links to view affected products:
References:
Revision History:
Revision | Date | Description |
---|---|---|
1 | 2024-04-09 | Initial release |
For a complete list of all Lenovo Product Security Advisories, click here.
For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.
Product Impact:
Product | Component | Minimum Fixed Version |
HR610X (Hyperscale) | Baseboard Management Controller (BMC) - ThinkSystem HR610X | R15_40_0608 |
HR630X (HyperScale) | Baseboard Management Controller (BMC) - ThinkSystem HR630X/HR650X | R11_53_0608 |
HR630X V2 (Hyperscale) | Baseboard Management Controller (BMC) - ThinkSystem HR630X_V2 | 1.52 |
HR650X (Hyperscale) | Baseboard Management Controller (BMC) - ThinkSystem HR630X/HR650X | R11_53_0608 |
Product | Component | Minimum Fixed Version |
HG680X (ThinkSystem) | Baseboard Management Controller (BMC) - ThinkSystem HG680X | SE550V2 V5.49.00 & DN8848V2 V6.40.00 |
SR635 (ThinkSystem) | Lenovo ThinkSystem SR635/655 Baseboard Management Controller (BMC) | V6.67 |
SR655 (ThinkSystem) | Lenovo ThinkSystem SR635/655 Baseboard Management Controller (BMC) | V6.67 |
Your feedback helps to improve the overall experience