Lucene search

AMICVE-2023-37296

HistoryJan 09, 2024 - 11:15 p.m.

CVE-2023-37296

2024-01-0923:15:08

CWE-787

CWE-121

AMI

web.nvd.nist.gov

cve-2023-37296

ami

spx

bmc

vulnerability

stack memory corruption

adjacent network

nvd

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

25.2%

JSON

AMI’s
SPx contains a vulnerability in the BMC where an Attacker may
cause a stack memory corruption via an adjacent network. A successful exploitation
of this vulnerability may lead to a loss of confidentiality, integrity, and/or
availability.

Affected configurations

Nvd

Node

amimegarac_sp-xRange12–12.7

amimegarac_sp-xRange13–13.6

VendorProductVersionCPE
amimegarac_sp-x*cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ami	megarac_sp-x	*	cpe:2.3:o:ami:megarac_sp-x::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaRAC_SPx",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "12.7",
        "status": "affected",
        "version": "12",
        "versionType": "RC"
      },
      {
        "lessThan": "13.6",
        "status": "affected",
        "version": "13",
        "versionType": "RC"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf

CVSS3

8.8

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

25.2%

JSON

Related for CVE-2023-37296