Lucene search

[email protected]CVE-2023-37293

HistoryJan 09, 2024 - 11:15 p.m.

CVE-2023-37293

2024-01-0923:15:08

CWE-787

CWE-121

[email protected]

web.nvd.nist.gov

ami

spx

vulnerability

cve-2023-37293

bmc

buffer overflow

network

exploitation

confidentiality

integrity

availability

nvd

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

25.2%

JSON

AMI’s SPx contains
a vulnerability in the BMC where an Attacker may cause a
stack-based buffer overflow via an adjacent network. A successful exploitation
of this vulnerability may lead to a loss of confidentiality, integrity, and/or
availability.

Affected configurations

NVD

Node

amimegarac_sp-xRange12–12.7

amimegarac_sp-xRange13–13.6

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaRAC_SPx",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "12.7",
        "status": "affected",
        "version": "12",
        "versionType": "RC"
      },
      {
        "lessThan": "13.6",
        "status": "affected",
        "version": "13",
        "versionType": "RC"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf

CVSS3

9.6

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

25.2%

JSON

Related for CVE-2023-37293

cvelist1 prion1 nvd1