Lucene search

[email protected]NVD:CVE-2023-25192

HistoryFeb 15, 2023 - 3:15 p.m.

CVE-2023-25192

2023-02-1515:15:11

CWE-668

[email protected]

web.nvd.nist.gov

ami

megarac spx

user enumeration

vulnerability

fixed versions

redfish

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00.

Affected configurations

Nvd

Node

amimegarac_sp-xMatch12-

amimegarac_sp-xMatch13-

VendorProductVersionCPE
amimegarac_sp-x12cpe:2.3:o:ami:megarac_sp-x:12:-:*:*:*:*:*:*
amimegarac_sp-x13cpe:2.3:o:ami:megarac_sp-x:13:-:*:*:*:*:*:*

Vendor	Product	Version	CPE
ami	megarac_sp-x	12	cpe:2.3:o:ami:megarac_sp-x:12:-::::::
ami	megarac_sp-x	13	cpe:2.3:o:ami:megarac_sp-x:13:-::::::

References

9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023002.pdf

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

0.001

Percentile

32.1%

JSON

Related for NVD:CVE-2023-25192

cve1 cvelist1 prion1