Lucene search

AMICVELIST:CVE-2023-34342

HistoryJun 12, 2023 - 5:01 p.m.

CVE-2023-34342

2023-06-1217:01:33

CWE-22

AMI

www.cve.org

cve-2023-34342

vulnerability

ipmi handler

denial of service

privilege escalation

information disclosure

data tampering

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

AMI BMC contains a vulnerability in the IPMI handler, where an
attacker can upload and download arbitrary files under certain circumstances,
which may lead to denial of service, escalation of privileges, information
disclosure, or data tampering.

CNA Affected

[
  {
    "defaultStatus": "unknown",
    "platforms": [
      "ARM"
    ],
    "product": "MegaRAC_SPx",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "12.7",
        "status": "affected",
        "version": "12.0",
        "versionType": "RC"
      },
      {
        "lessThan": "13.5",
        "status": "affected",
        "version": "13.0",
        "versionType": "RC"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023005.pdf

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

42.5%

JSON

Related for CVELIST:CVE-2023-34342