Support Content Notification - Support Portal

AMI Security Advisory AMI-SA-2025003 (CVE-2024-54084,CVE-2024-54085)

Product/Component

Brocade Directors

6 more products

Notification Id

25699

Last Updated

19 May 2025

Initial Publication Date

01 May 2025

Status

CLOSED

Severity

LOW

CVSS Base Score

WorkAround

Affected CVE

CVE-2024-54084, CVE-2024-54085

Brocade Security Advisory ID	BSA-2025-2991
Component	AMI

Summary

Brocade is aware of AMI Security Advisory AMI-SA202503 disclosing CVE-2024-54084, CVE-2024-54085.

CVE-2024-54084
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution.
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CVE-2024-54085
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
CWE-290 - Authentication Bypass by Spoofing
CVSS-B 10.0 CRITICAL
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

More at: https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf

Products Confirmed Not Affected

Brocade Product Security has determined that these vulnerabilities don't affect any currently supported Brocade Fibre Channel Product from Broadcom. [VEX code: Component_not_present]

Statement on Brocade SANnav, Brocade ASCG, Brocade Support Link.

Brocade SANnav, Brocade ASCG, Brocade Support Link are Not Affected. However, the hardwares that host these Brocade Fibre Channel Products from Broadcom are not under Brocade's direct control. Brocade recommends customers follow their hardware vendors' advisories and recommendations for updates and security patches.

Revision History

Version	Change	Date
1.0	Initial Publication	4/30/2025

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.