497 matches found
PT-2023-20138 · Nvidia · Nvidia Dgx A100
Name of the Vulnerable Software and Affected Versions: NVIDIA DGX H100 baseboard management controller BMC affected versions not specified Description: The NVIDIA DGX H100 baseboard management controller BMC contains a vulnerability in a web server plugin. An unauthenticated attacker may cause a...
Intel Server Board Code Issue Vulnerability
Intel Server Board is a server motherboard from Intel Corporation USA. A security vulnerability exists in IntelR Server Board M10JNP2SB integrated BMC video drivers versions prior to 3.0. An attacker can exploit the vulnerability to elevate privileges...
Vulnerability discovered in Supermicro BMC firmware
A vulnerability has been discovered in the Baseboard Management Controller BMC of Supermicro X12, X13, H12 and H13 systems. A malicious person with access to the data center, could exploit it to change arbitrary settings and thereby alter the operation of the Supermicro systems through the...
CVE-2023-35861
A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject execute arbitrary commands as root on the BMC...
CVE-2023-34330
AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...
CVE-2023-34329
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability...
CVE-2023-34473
AMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability...
CVE-2023-34472
AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity...
PT-2023-24897 · Ami · Ami Spx
Name of the Vulnerable Software and Affected Versions: AMI SPx affected versions not specified Description: The issue is related to a missing cryptographic step in the BMC of AMI SPx, where a user can generate a hash-based message authentication code HMAC. This could lead to the loss of...
PT-2023-24898 · American Megatrends · Ami Spx
Name of the Vulnerable Software and Affected Versions: AMI SPx affected versions not specified Description: The issue is related to an improper neutralization of CRLF sequences in HTTP Headers in the BMC of AMI SPx. This could lead to a loss of integrity if successfully exploited. Recommendations...
CISA and NSA Release Joint Guidance on Hardening Baseboard Management Controllers (BMCs)
Today, CISA, together with the National Security Agency NSA, released a Cybersecurity Information Sheet CSI, highlighting threats to Baseboard Management Controller BMC implementations and detailing actions organizations can use to harden them. BMCs are trusted components designed into a computer...
CVE-2023-34336
AMI BMC contains a vulnerability in the IPMI handler, where an attacker with the required privileges can cause a buffer overflow, which may lead to code execution, denial of service, or escalation of privileges...
CVE-2023-34334
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can inject arbitrary shell commands, which may lead to code execution, denial of service, information disclosure, or data tampering...
CVE-2023-34345
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can access arbitrary files, which may lead to information disclosure...
CVE-2023-34341
AMI BMC contains a vulnerability in the SPX REST API, where an attacker with the required privileges can read and write to arbitrary locations within the memory context of the IPMI server process, which may lead to code execution, denial of service, information disclosure, or data tampering...
PT-2023-24820 · American Megatrends · Ami Bmc
Name of the Vulnerable Software and Affected Versions: AMI BMC affected versions not specified Description: The issue concerns a vulnerability in the IPMI handler of AMI BMC, allowing an unauthenticated host to write to a host SPI flash and bypass secure boot protections. This could lead to a los...
PT-2023-24831 · American Megatrends International · Ami Bmc
Name of the Vulnerable Software and Affected Versions: AMI BMC affected versions not specified Description: The issue concerns a vulnerability in the SPX REST API of AMI BMC, where an attacker with the required privileges can access arbitrary files. This may lead to information disclosure...
CVE-2023-25776
Improper input validation in some IntelR Server Board BMC firmware before version 2.90 may allow a privileged user to enable information disclosure via local access...
CVE-2023-25545
Improper buffer restrictions in some IntelR Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access...
CVE-2023-22442
Out of bounds write in some IntelR Server Board BMC firmware before version 2.90 may allow a privileged user to enable escalation of privilege via local access...