Lucene search

AMICVE-2023-37295

HistoryJan 09, 2024 - 11:15 p.m.

CVE-2023-37295

2024-01-0923:15:08

CWE-787

CWE-122

AMI

web.nvd.nist.gov

cve-2023-37295

ami

spx

bmc

vulnerability

heap memory corruption

confidentiality

integrity

availability

nvd

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

AMI’s
SPx contains a vulnerability in the BMC where an Attacker may
cause a heap memory corruption via an adjacent network. A successful exploitation
of this vulnerability may lead to a loss of confidentiality, integrity, and/or
availability.

Affected configurations

Nvd

Node

amimegarac_sp-xRange12–12.7

amimegarac_sp-xRange13–13.6

VendorProductVersionCPE
amimegarac_sp-x*cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ami	megarac_sp-x	*	cpe:2.3:o:ami:megarac_sp-x::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaRAC_SPx",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "12.7",
        "status": "affected",
        "version": "12",
        "versionType": "RC"
      },
      {
        "lessThan": "13.6",
        "status": "affected",
        "version": "13",
        "versionType": "RC"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Related for CVE-2023-37295