So like pretty much any BMC out there, just with the benefit that an attacker taking over that thing doesn't have direct access to reflash your bios with a backdoored version?
Any halfway sane person deployed any kind of BMC or networked KVM to a access restricted management VLAN for at least a decade now because all of those things are a big mess, and the impact of them getting owned typically is pretty severe.