PT-2023-1336 · Ami · Ami Megarac

Name of the Vulnerable Software and Affected Versions: AMI MegaRAC affected versions not specified Description: The issue is related to insufficient password hash computation in the Redfish and API components of the AMI MegaRAC firmware. This could allow a remote attacker to gain unauthorized...

The vulnerability of the microprogramming software of the AMI MegaRAC Baseboard Management Controller (BMC) allows a intruder to gain full access to the device.

The vulnerability of the microprogramming software of the AMI MegaRAC Baseboard Management Controller BMC relates to the use of rigidly encrypted credentials. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain full access to the device via SSH...

CVE-2022-40259, CVE-2022-40242, CVE-2022-2827 -- Vulnerabilities in AMI MegaRAC Baseboard Management Controller (BMC) software.(BSA-2022-2147)

Security Advisory ID: BSA-2022-2147 Component: BMC Software Revision: 1.0 Brocade PSIRT has become aware of several vulnerabilities discovered by Eclypsium Research affecting AMI MegaRAC Baseboard Management Controller BMC software. More information at:...

The vulnerability of the API interface of the Redfish microprogramming software for remote control controllers AMI MegaRAC allows a perpetrator to execute arbitrary code.

The vulnerability of the API interface of the microprogramming software for AMI MegaRAC controllers is related to errors during code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially crafted HTTP request...

CVE-2022-40242

MegaRAC Default Credentials Vulnerability...

CVE-2022-40259

MegaRAC Default Credentials Vulnerability...

CVE-2022-40242

MegaRAC Default Credentials Vulnerability...

CVE-2022-40259

MegaRAC Default Credentials Vulnerability...

CVE-2022-2827

AMI MegaRAC User Enumeration Vulnerability...

Code injection

AMI MegaRAC User Enumeration Vulnerability...

Default credentials

MegaRAC Default Credentials Vulnerability...

Default credentials

MegaRAC Default Credentials Vulnerability...

CVE-2022-2827

CVE-2022-2827 is an AMI MegaRAC Baseboard Management Controller [BMC] vulnerability described as a User Enumeration vulnerability via the API. Connected sources confirm the issue affects AMI MegaRAC BMCs and that patches/updates have been released by OEMs; for example, NVIDIA’s DGX Station A100 l...

CVE-2022-2827 AMI MegaRAC User Enumeration Vulnerability

AMI MegaRAC User Enumeration Vulnerability...

CVE-2022-2827 AMI MegaRAC User Enumeration Vulnerability

AMI MegaRAC User Enumeration Vulnerability...

CVE-2022-40259 MegaRAC Default Credentials Vulnerability

MegaRAC Default Credentials Vulnerability...

CVE-2022-40259 MegaRAC Default Credentials Vulnerability

MegaRAC Default Credentials Vulnerability...

CVE-2022-40259

CVE-2022-40259 is an Arbitrary Code Execution vulnerability in AMI MegaRAC Baseboard Management Controller (BMC) software, exploitable via the Redfish API. It is part of the MegaRAC BMC family (often listed with other BMC&C flaws) that affect multiple OEM platforms and can enable remote code exec...

CVE-2022-40242 MegaRAC Default Credentials Vulnerability

MegaRAC Default Credentials Vulnerability...

CVE-2022-40242 MegaRAC Default Credentials Vulnerability

MegaRAC Default Credentials Vulnerability...