Lucene search

MitreCVE-2023-25192

HistoryFeb 15, 2023 - 3:15 p.m.

CVE-2023-25192

2023-02-1515:15:11

CWE-668

mitre

web.nvd.nist.gov

cve-2023-25192

ami

megarac

spx

user enumeration

redfish

nvd

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.

Affected configurations

Nvd

Node

amimegarac_sp-xMatch12-

amimegarac_sp-xMatch13-

VendorProductVersionCPE
amimegarac_sp-x12cpe:2.3:o:ami:megarac_sp-x:12:-:*:*:*:*:*:*
amimegarac_sp-x13cpe:2.3:o:ami:megarac_sp-x:13:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
ami	megarac_sp-x	12	cpe:2.3:o:ami:megarac_sp-x:12:-::::::
ami	megarac_sp-x	13	cpe:2.3:o:ami:megarac_sp-x:13:-::::::

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Related for CVE-2023-25192