The Register has a bit of background on BMC attacks, based on the recent presentation at Blackhat:
https://www.blackhat.com/us-18/briefings/schedule/#the-unbearable-lightness-of-bmcs-10035
https://www.theregister.co.uk/2018/08/10/data_center_hacking/