Lucene search

AMICVELIST:CVE-2023-37295

HistoryJan 09, 2024 - 10:19 p.m.

CVE-2023-37295 Heap-based Buffer Overflow

2024-01-0922:19:18

CWE-122

AMI

www.cve.org

ami

bmc

network

memory corruption

confidentiality

integrity

availability

cve-2023-37295

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

AMI’s
SPx contains a vulnerability in the BMC where an Attacker may
cause a heap memory corruption via an adjacent network. A successful exploitation
of this vulnerability may lead to a loss of confidentiality, integrity, and/or
availability.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "MegaRAC_SPx",
    "vendor": "AMI",
    "versions": [
      {
        "lessThan": "12.7",
        "status": "affected",
        "version": "12",
        "versionType": "RC"
      },
      {
        "lessThan": "13.6",
        "status": "affected",
        "version": "13",
        "versionType": "RC"
      }
    ]
  }
]

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf

CVSS3

8.3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.8%

JSON

Related for CVELIST:CVE-2023-37295