Lucene search

AMICVE-2023-34342

HistoryJun 12, 2023 - 6:15 p.m.

CVE-2023-34342

2023-06-1218:15:10

CWE-22

AMI

web.nvd.nist.gov

cve-2023-34342

ami

bmc

vulnerability

ipmi handler

arbitrary files

denial of service

privilege escalation

information disclosure

data tampering

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

AMI BMC contains a vulnerability in the IPMI handler, where an
attacker can upload and download arbitrary files under certain circumstances,
which may lead to denial of service, escalation of privileges, information
disclosure, or data tampering.

Affected configurations

Nvd

Node

amimegarac_sp-xRange12.0–12.7

amimegarac_sp-xRange13.0–13.5

VendorProductVersionCPE
amimegarac_sp-x*cpe:2.3:a:ami:megarac_sp-x:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ami	megarac_sp-x	*	cpe:2.3:a:ami:megarac_sp-x::::::::

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "ARM"
    ],
    "product": "MegaRAC_SPx",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "12.7",
        "status": "affected",
        "version": "12.0",
        "versionType": "RC"
      },
      {
        "lessThan": "13.5",
        "status": "affected",
        "version": "13.0",
        "versionType": "RC"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVE-2023-34342